Jump to content

Existing user? Sign In
Sign In

Remember me Not recommended on shared computers

Forgot your password?
Staff Sign In
Sign Up

Resolved Malware Removal Logs

rootkit help for rootkit return

laradj

By laradj
November 24, 2009 in Resolved Malware Removal Logs

Share

Recommended Posts

laradj

laradj

Posted November 24, 2009

- Share

Posted November 24, 2009

MAM keeps finding the same rootkit infecetion. i ran rootrepeal and here is the report. can anyone tell me what to delete to remove the rootkit.tdss virus. i tried running gmer but it crashes everytime it scans

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/11/23 17:09

Program Version: Version 1.3.5.0

Windows Version: Windows Vista SP1

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\Windows\System32\Drivers\dump_atapi.sys

Address: 0x8F580000 Size: 32768 File Visible: No Signed: -

Status: -

Name: dump_dumpata.sys

Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys

Address: 0x8F575000 Size: 45056 File Visible: No Signed: -

Status: -

Name: PctWfpFilter.sys

Image Path: \ArcName\multi(0)disk(0)rdisk(0)partition(1)\Windows\system32\drivers\PctWfpFilter.sys

Address: 0x8F354000 Size: 118784 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\Windows\system32\drivers\rootrepeal.sys

Address: 0x9E4D2000 Size: 49152 File Visible: No Signed: -

Status: -

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: C:\System Volume Information\{99f37dcb-d856-11de-b7a8-0021866afbed}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: C:\System Volume Information\{b04b6d43-d84d-11de-aed6-0021866afbed}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: C:\System Volume Information\{b359de36-d861-11de-b0f4-0021866afbed}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: C:\System Volume Information\{d040e230-d85e-11de-9299-0021866afbed}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: C:\System Volume Information\{d9d5e66a-d7f9-11de-b210-0021866afbed}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: C:\System Volume Information\{d9d5e670-d7f9-11de-b210-0021866afbed}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: c:\programdata\symantec\common client\volatile.dat

Status: Allocation size mismatch (API: 136, Raw: 0)

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e

58.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.c

at

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c

.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.c

at

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea

1.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed

.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d21850

4d2.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3c

e6.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8

cc63a6e4c2a3.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe7680

6.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df5

6e60dc5df.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_ab

ac38a907ee8801.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f3

9.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c

0566bec5b24.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.

cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a

620671dde41.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11d

f268b7c6d9.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.91_none_588

445e3d272feb1.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.

cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f

59bf601aa775.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.

cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cd

a6db.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.

cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8

.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.

cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc

0ea08098.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0e

bd6590e0b.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949

b06671d08ae.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c

2866332652.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365

.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddf

c6cd11929a02.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514.

cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d

131.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0ef

b442f8a0f46c.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a898

0e994a5d.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e

1.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f2

1d3d46d84.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8d

d7dea5d5a7a18a.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_54c127

9468b7b84b.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef17

b.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_5169

53ad0f4d16c4.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b

5d18a9128.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_588

43c41d2730d3f.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.c

at

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d

5e63e93b68.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.c

at

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003

bc63e949f6.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5

ca663317c4.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053

e8c6967ba9d.cat

Status: Locked to the Windows API!

Processes

-------------------

Path: System

PID: 4 Status: Locked to the Windows API!

SSDT

-------------------

#: 021 Function Name: NtAlpcConnectPort

Status: Hooked by "<unknown>" at address 0x87719d78

#: 072 Function Name: NtCreateProcess

Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x80766cdc

#: 073 Function Name: NtCreateProcessEx

Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x80766ece

#: 334 Function Name: NtTerminateProcess

Status: Hooked by "C:\Windows\system32\drivers\TfSysMon.sys" at address 0x807acb30

#: 383 Function Name: NtCreateUserProcess

Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x807670d6

==EOF==

Link to post

Share on other sites

chamber

Posted November 24, 2009

- Share

Posted November 24, 2009

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
%SYSTEMDRIVE%\nvgts.sys /s /md5
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Link to post

Share on other sites

laradj

laradj

Posted November 25, 2009

Author

- Share

Posted November 25, 2009

OTL logfile created on: 11/24/2009 10:30:19 PM - Run 1

OTL by OldTimer - Version 3.1.9.0 Folder = C:\Users\Cassidy\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18828)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 89.91% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 174.47 Gb Total Space | 25.60 Gb Free Space | 14.68% Space Free | Partition Type: NTFS

Drive D: | 11.84 Gb Total Space | 2.00 Gb Free Space | 16.89% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OFFICE-HP

Current User Name: Cassidy

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Cassidy\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)

PRC - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)

PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)

PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()

PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)

PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe ()

PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()

PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)

========== Modules (SafeList) ==========

MOD - C:\Users\Cassidy\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54

c9c04bca\GdiPlus.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\linkinfo.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (ThreatFire) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (PC Tools)

SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)

SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)

SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)

SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (LiveUpdate Notice) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)

SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)

SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)

SRV - (Net Driver HPZ12) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)

SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (HP Health Check Service) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)

SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (QPCapSvc) QuickPlay Background Capture Service (QBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()

SRV - (QPSched) QuickPlay Task Scheduler (QTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe ()

SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (LiveUpdate) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)

SRV - (GameConsoleService) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)

SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()

SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)

SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (TfSysMon) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)

DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)

DRV - (TfFsMon) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)

DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)

DRV - (pctplsg) -- C:\Windows\System32\drivers\pctplsg.sys (PC Tools)

DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)

DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)

DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)

DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)

DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20080911.003\IDSvix86.sys (Symantec Corporation)

DRV - (PTDUWWAN) -- C:\Windows\System32\drivers\PTDUWWAN.sys (DEVGURU Co,LTD.)

DRV - (PTDUVsp) -- C:\Windows\System32\drivers\PTDUVsp.sys (DEVGURU Co,LTD.)

DRV - (PTDUMdm) -- C:\Windows\System32\drivers\PTDUMdm.sys (DEVGURU Co,LTD.)

DRV - (PTDUBus) -- C:\Windows\System32\drivers\PTDUBus.sys (DEVGURU Co,LTD.)

DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (StillCam) -- C:\Windows\System32\drivers\serscan.sys (Microsoft Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (atapi) -- C:\Windows\system32\drivers\atapi.sys ()

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)

DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 0B C9 27 22 45 CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/30 02:15:49 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/04 10:36:28 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Flock 2.0\extensions\\Components: C:\Program Files\Flock\components [2009/10/06 18:37:51 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Flock 2.0\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/10/06 18:37:49 | 00,000,000 | ---D | M]

[2009/09/27 16:22:01 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\mozilla\Extensions

[2009/09/27 16:22:01 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)

O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)

O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Cassidy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll File not found

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab (DASWebDownload Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/24 18:23:11 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 07:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/24 21:59:42 | 00,530,944 | ---- | C] (OldTimer Tools) -- C:\Users\Cassidy\Desktop\OTL.exe

[2009/11/24 20:23:01 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\AppData\Local\Adobe

[2009/11/23 22:32:10 | 00,000,000 | --SD | C] -- C:\q7dlilvj4560q

[2009/11/23 20:55:02 | 00,000,000 | --SD | C] -- C:\q7dlilvj

[2009/11/23 18:34:39 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2009/11/23 18:34:39 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2009/11/23 18:34:39 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2009/11/23 18:34:39 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2009/11/23 18:34:16 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT

[2009/11/23 18:22:10 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/11/23 16:51:57 | 00,000,000 | ---D | C] -- C:\Windows\pss

[2009/11/23 15:25:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/11/23 15:09:28 | 00,059,664 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys

[2009/11/23 15:09:27 | 00,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys

[2009/11/23 15:09:27 | 00,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys

[2009/11/23 15:09:06 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll

[2009/11/23 15:09:06 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll

[2009/11/23 15:09:06 | 00,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll

[2009/11/23 15:07:15 | 00,229,304 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys

[2009/11/23 15:07:15 | 00,097,208 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys

[2009/11/23 15:07:11 | 00,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys

[2009/11/23 15:07:11 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys

[2009/11/23 15:07:03 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys

[2009/11/23 15:06:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2009/11/23 15:06:58 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\AppData\Roaming\PC Tools

[2009/11/23 15:06:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2009/11/23 11:13:53 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2009/11/23 10:27:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Google

[2009/11/23 10:27:03 | 00,000,000 | ---D | C] -- C:\Program Files\Google

[2009/11/23 10:25:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/11/23 10:25:27 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/11/23 10:25:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/11/23 08:34:18 | 00,000,000 | ---D | C] -- C:\ProgramData\wuzakoba

[2009/11/23 08:34:18 | 00,000,000 | ---D | C] -- C:\ProgramData\nuhugofe

[2009/11/23 08:24:09 | 00,000,000 | ---D | C] -- C:\Program Files\Pittsburgh Steelers Toolbar

[2009/11/22 01:54:42 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\AppData\Roaming\Regensoft

[2009/11/21 10:28:03 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2009/11/21 10:27:38 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2009/11/19 12:10:51 | 00,000,000 | ---D | C] -- C:\ProgramData\WEBREG

[2009/11/19 10:57:10 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\AppData\Roaming\HP

[2009/11/19 10:57:07 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\AppData\Local\HP

[2009/11/19 10:55:25 | 00,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant

[2009/11/19 10:51:15 | 00,000,000 | ---D | C] -- C:\Windows\hpojp8500a909

[2009/11/19 10:47:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard

[2009/11/19 10:46:07 | 00,271,704 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll

[2009/11/19 10:46:05 | 00,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l082.dll

[2009/11/19 10:45:50 | 00,966,656 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwtiop4.dll

[2009/11/19 10:45:50 | 00,741,376 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpwwiax5.dll

[2009/11/19 10:45:50 | 00,364,544 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll

[2009/11/19 10:45:50 | 00,294,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst11.dll

[2009/11/19 10:45:23 | 00,000,000 | -H-D | C] -- C:\Config.Msi

[2009/11/16 17:05:14 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\AppData\Roaming\Uniblue

[2009/11/11 10:29:39 | 02,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2009/11/11 10:28:07 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll

[2009/11/08 08:11:27 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2009/11/08 08:11:27 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2009/11/08 08:11:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2009/11/08 08:11:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2009/11/04 08:06:43 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll

[2009/11/04 08:06:42 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2009/11/03 08:04:35 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\Documents\Hawaii tours

[2009/10/28 22:11:33 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2009/10/28 22:00:17 | 00,000,000 | ---D | C] -- C:\beb23200859bb7f796ee84ad0fefa9

[2009/10/26 21:06:43 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\AppData\Roaming\Malwarebytes

[2009/10/26 21:06:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/10/14 12:19:23 | 00,006,944 | ---- | C] () -- C:\Users\Cassidy\AppData\Local\d3d9caps.dat

[2009/09/28 02:30:35 | 00,028,029 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/09/28 02:30:35 | 00,028,029 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/09/27 14:42:24 | 00,027,525 | ---- | C] () -- C:\Users\Cassidy\AppData\Roaming\nvModes.001

[2009/09/27 14:42:23 | 00,027,525 | ---- | C] () -- C:\Users\Cassidy\AppData\Roaming\nvModes.dat

[2008/09/05 18:17:21 | 00,088,576 | ---- | C] () -- C:\Users\Cassidy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/08/27 19:54:32 | 01,966,217 | -H-- | C] () -- C:\Users\Cassidy\AppData\Local\IconCache.db

[2008/08/27 19:52:48 | 00,000,000 | ---- | C] () -- C:\Users\Cassidy\AppData\Local\QSwitch.txt

[2008/08/27 19:52:48 | 00,000,000 | ---- | C] () -- C:\Users\Cassidy\AppData\Local\DSwitch.txt

[2008/08/27 19:52:48 | 00,000,000 | ---- | C] () -- C:\Users\Cassidy\AppData\Local\AtStart.txt

[2008/08/27 19:52:38 | 00,078,664 | ---- | C] () -- C:\Users\Cassidy\AppData\Local\GDIPFONTCACHEV1.DAT

[2008/04/24 18:38:18 | 00,001,231 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2006/11/02 04:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini

[2006/11/02 04:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

[2006/11/02 04:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2006/11/02 04:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2006/11/02 04:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

========== Files - Modified Within 30 Days ==========

[2009/11/24 22:31:03 | 00,012,800 | ---- | M] () -- C:\Windows\System32\tdlclk.dll

[2009/11/24 22:30:27 | 02,883,584 | -HS- | M] () -- C:\Users\Cassidy\ntuser.dat

[2009/11/24 21:59:42 | 00,530,944 | ---- | M] (OldTimer Tools) -- C:\Users\Cassidy\Desktop\OTL.exe

[2009/11/24 21:54:06 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

[2009/11/24 21:01:43 | 00,023,040 | ---- | M] () -- C:\Windows\System32\tdlcmd.dll

[2009/11/24 20:56:40 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/11/24 20:56:40 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/11/24 14:56:56 | 00,028,029 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2009/11/24 14:56:56 | 00,028,029 | ---- | M] () -- C:\ProgramData\nvModes.001

[2009/11/24 14:56:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/11/24 14:56:29 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/11/24 14:56:21 | 31,529,86112 | -HS- | M] () -- C:\hiberfil.sys

[2009/11/24 14:55:38 | 00,524,288 | -HS- | M] () -- C:\Users\Cassidy\ntuser.dat{f4869ad0-c499-11de-af58-0021866afbed}.TMContainer00000000000000000001.regtrans-ms

[2009/11/24 14:55:38 | 00,065,536 | -HS- | M] () -- C:\Users\Cassidy\ntuser.dat{f4869ad0-c499-11de-af58-0021866afbed}.TM.blf

[2009/11/24 14:55:17 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2009/11/24 14:55:14 | 01,966,217 | -H-- | M] () -- C:\Users\Cassidy\AppData\Local\IconCache.db

[2009/11/23 15:35:39 | 00,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2009/11/23 15:25:48 | 00,001,874 | ---- | M] () -- C:\Users\Cassidy\Desktop\HijackThis.lnk

[2009/11/23 15:07:07 | 00,001,759 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk

[2009/11/23 14:49:32 | 00,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2009/11/23 10:25:32 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/11/23 09:34:42 | 00,011,168 | -H-- | M] () -- C:\Windows\System32\mosewisu

[2009/11/22 22:54:57 | 00,088,576 | ---- | M] () -- C:\Users\Cassidy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/22 21:44:16 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 18 of 25-article 35 of 40-identity theft.doc

[2009/11/22 21:43:47 | 00,026,624 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 18 of 25-article 34 of 40-home loans.doc

[2009/11/22 21:43:13 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 17 of 25-article 33 of 40-auto loans.doc

[2009/11/22 21:42:26 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 17 of 25-article 32 of 40-certificates of deposit.doc

[2009/11/22 21:41:59 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 16 of 25-article 31 of 40-savings accounts.doc

[2009/11/22 21:41:31 | 00,028,160 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 16 of 25-article 30 of 40-student loans.doc

[2009/11/22 21:37:20 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 15 of 25-article 29 of 40-personal loans.doc

[2009/11/22 21:03:07 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 15 of 25-article 28 of 40-mortgage loans.doc

[2009/11/22 19:59:52 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 14 of 25-article 27 of 40-identity theft.doc

[2009/11/22 19:21:20 | 00,026,624 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 14 of 25-article 26 of 40-home loans.doc

[2009/11/20 09:24:13 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/11/20 09:24:13 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/11/20 09:24:13 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/11/19 17:50:50 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 13 of 25-article 25 of 40-auto loans.doc

[2009/11/19 17:17:10 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 13 of 25-article 24 of 40-certificates of deposit.doc

[2009/11/19 15:47:12 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 12 of 25-article 23 of 40-savings accounts.doc

[2009/11/19 10:57:33 | 00,188,626 | ---- | M] () -- C:\Windows\hpwins22.dat

[2009/11/19 10:56:58 | 00,000,291 | ---- | M] () -- C:\Windows\win.ini

[2009/11/19 10:55:16 | 00,001,176 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

[2009/11/19 10:54:56 | 00,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk

[2009/11/19 10:53:02 | 00,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2009/11/19 10:42:17 | 00,016,346 | ---- | M] () -- C:\Windows\hpdj5100.his

[2009/11/19 10:42:17 | 00,003,384 | ---- | M] () -- C:\Windows\hpdj5100.ini

[2009/11/19 10:40:12 | 00,000,103 | ---- | M] () -- C:\Windows\System32\hptrace.ini

[2009/11/17 18:47:54 | 00,028,160 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 12 of 25-article 22 of 40-student loans.doc

[2009/11/17 14:51:27 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 11 of 25-article 21 of 40-personal loans.doc

[2009/11/16 18:52:23 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 11 of 25-article 20 of 40-mortgage loans.doc

[2009/11/15 20:51:41 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 10 of 25-article 19 of 40-identity theft.doc

[2009/11/15 20:15:23 | 00,026,624 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 10 of 25-article 18 of 40-home loans.doc

[2009/11/15 19:23:07 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 9 of 25-article 17 of 40-auto loans.doc

[2009/11/15 18:44:18 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 9 of 25-article 16 of 40-certificates of deposit.doc

[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe

[2009/11/13 09:03:21 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 8 of 25-article 15 of 40-savings accounts.doc

[2009/11/12 09:30:22 | 00,028,672 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 8 of 25-article 14 of 40-student loans.doc

[2009/11/12 03:21:49 | 00,317,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/11/10 23:36:43 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 7 of 25-article 13 of 40-personal loans.doc

[2009/11/10 22:40:44 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 7 of 25-article 12 of 40-mortgage loans.doc

[2009/11/09 22:01:44 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 6 of 25-article 11 of 40-identity theft.doc

[2009/11/09 20:09:06 | 00,027,136 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 6 of 25-article 10 of 40-home loans.doc

[2009/11/08 20:59:12 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 5 of 25-article 9 of 45-auto loans.doc

[2009/11/08 20:03:04 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 5 of 25-article 8 of 45-certificates of deposit.doc

[2009/11/08 18:55:21 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 4 of 25-article 7 of 45-savings accounts.doc

[2009/11/08 08:10:48 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2009/11/08 08:10:48 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2009/11/08 08:10:48 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2009/11/08 08:10:48 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2009/11/06 07:15:34 | 00,027,648 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 4 of 25-article 6 of 45-student loans.doc

[2009/11/04 21:42:06 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 3 of 25-article 5 of 45-personal loans.doc

[2009/11/04 20:37:45 | 00,026,624 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 3 of 25-article 4 of 45-mortgage loans.doc

[2009/11/04 09:50:19 | 00,029,184 | ---- | M] () -- C:\Users\Cassidy\Documents\Dan Wesley Marine Electronics Blog-Day 5 of Oct-The Good the Bad and the Beauty of Underwater Lights.doc

[2009/11/04 09:50:03 | 00,032,256 | ---- | M] () -- C:\Users\Cassidy\Documents\10-26-09_A_What_If_The_Government_Runs_Out_Of_Money.doc

[2009/11/03 23:00:16 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 2 of 25-article 3 of 45-identity theft.doc

[2009/11/03 21:17:19 | 00,026,624 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 2 of 25-article 2 of 45-home loans.doc

[2009/11/03 09:32:12 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 1 of 25-article 1 of 45-auto loans - Copy.doc

[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2009/11/01 19:00:47 | 00,028,160 | ---- | M] () -- C:\Users\Cassidy\Documents\twitter article.doc

[2009/11/01 18:58:51 | 00,067,584 | ---- | M] () -- C:\Users\Cassidy\Documents\resume ll.doc

[2009/10/30 11:48:55 | 00,524,288 | -HS- | M] () -- C:\Users\Cassidy\ntuser.dat{f4869ad0-c499-11de-af58-0021866afbed}.TMContainer00000000000000000002.regtrans-ms

[2009/10/29 06:12:53 | 00,524,288 | -HS- | M] () -- C:\Users\Cassidy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2009/10/29 06:12:53 | 00,065,536 | -HS- | M] () -- C:\Users\Cassidy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2009/10/28 09:38:18 | 00,091,293 | ---- | M] () -- C:\Users\Cassidy\Desktop\geico policy.pdf

[2009/10/27 20:51:19 | 00,252,660 | ---- | M] () -- C:\Users\Cassidy\Documents\Approved Medicare Prescriptions.pdf

========== Files Created - No Company Name ==========

[2009/11/24 15:01:33 | 00,023,040 | ---- | C] () -- C:\Windows\System32\tdlcmd.dll

[2009/11/24 15:01:33 | 00,012,800 | ---- | C] () -- C:\Windows\System32\tdlclk.dll

[2009/11/23 18:34:39 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe

[2009/11/23 18:34:39 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2009/11/23 18:34:39 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2009/11/23 18:34:39 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2009/11/23 18:34:39 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2009/11/23 15:25:48 | 00,001,874 | ---- | C] () -- C:\Users\Cassidy\Desktop\HijackThis.lnk

[2009/11/23 15:09:06 | 01,152,470 | ---- | C] () -- C:\Windows\UDB.zip

[2009/11/23 15:09:06 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll

[2009/11/23 15:09:06 | 00,000,883 | ---- | C] () -- C:\Windows\RegSDImport.xml

[2009/11/23 15:09:06 | 00,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml

[2009/11/23 15:09:06 | 00,000,131 | ---- | C] () -- C:\Windows\IDB.zip

[2009/11/23 15:07:15 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat

[2009/11/23 15:07:11 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat

[2009/11/23 15:07:11 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat

[2009/11/23 15:07:07 | 00,001,759 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk

[2009/11/23 15:07:03 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat

[2009/11/23 10:25:32 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/11/22 21:44:16 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 18 of 25-article 35 of 40-identity theft.doc

[2009/11/22 21:43:46 | 00,026,624 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 18 of 25-article 34 of 40-home loans.doc

[2009/11/22 21:43:12 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 17 of 25-article 33 of 40-auto loans.doc

[2009/11/22 21:42:25 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 17 of 25-article 32 of 40-certificates of deposit.doc

[2009/11/22 21:41:58 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 16 of 25-article 31 of 40-savings accounts.doc

[2009/11/22 21:41:30 | 00,028,160 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 16 of 25-article 30 of 40-student loans.doc

[2009/11/20 09:17:51 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 15 of 25-article 29 of 40-personal loans.doc

[2009/11/20 09:17:24 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 15 of 25-article 28 of 40-mortgage loans.doc

[2009/11/20 09:16:56 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 14 of 25-article 27 of 40-identity theft.doc

[2009/11/20 09:16:29 | 00,026,624 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 14 of 25-article 26 of 40-home loans.doc

[2009/11/19 10:55:16 | 00,001,176 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

[2009/11/19 10:54:56 | 00,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk

[2009/11/19 10:53:02 | 00,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2009/11/19 10:44:05 | 00,188,626 | ---- | C] () -- C:\Windows\hpwins22.dat

[2009/11/19 10:40:12 | 00,000,103 | ---- | C] () -- C:\Windows\System32\hptrace.ini

[2009/11/19 10:39:27 | 00,016,346 | ---- | C] () -- C:\Windows\hpdj5100.his

[2009/11/19 10:39:27 | 00,003,384 | ---- | C] () -- C:\Windows\hpdj5100.ini

[2009/11/15 21:09:13 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 13 of 25-article 25 of 40-auto loans.doc

[2009/11/15 21:08:04 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 13 of 25-article 24 of 40-certificates of deposit.doc

[2009/11/15 21:07:23 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 12 of 25-article 23 of 40-savings accounts.doc

[2009/11/15 21:06:54 | 00,028,160 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 12 of 25-article 22 of 40-student loans.doc

[2009/11/15 21:06:27 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 11 of 25-article 21 of 40-personal loans.doc

[2009/11/15 21:05:54 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 11 of 25-article 20 of 40-mortgage loans.doc

[2009/11/13 09:11:28 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 10 of 25-article 19 of 40-identity theft.doc

[2009/11/13 09:10:57 | 00,026,624 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 10 of 25-article 18 of 40-home loans.doc

[2009/11/13 09:10:09 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 9 of 25-article 17 of 40-auto loans.doc

[2009/11/13 09:09:27 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 9 of 25-article 16 of 40-certificates of deposit.doc

[2009/11/10 23:41:33 | 00,028,672 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 8 of 25-article 14 of 40-student loans.doc

[2009/11/10 23:38:54 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 8 of 25-article 15 of 40-savings accounts.doc

[2009/11/08 21:15:31 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 7 of 25-article 12 of 40-mortgage loans.doc

[2009/11/08 21:13:58 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 6 of 25-article 11 of 40-identity theft.doc

[2009/11/08 21:12:55 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 7 of 25-article 13 of 40-personal loans.doc

[2009/11/08 21:12:15 | 00,027,136 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 6 of 25-article 10 of 40-home loans.doc

[2009/11/05 09:00:58 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 1 of 25-article 1 of 45-auto loans - Copy.doc

[2009/11/04 09:50:19 | 00,029,184 | ---- | C] () -- C:\Users\Cassidy\Documents\Dan Wesley Marine Electronics Blog-Day 5 of Oct-The Good the Bad and the Beauty of Underwater Lights.doc

[2009/11/04 09:50:02 | 00,032,256 | ---- | C] () -- C:\Users\Cassidy\Documents\10-26-09_A_What_If_The_Government_Runs_Out_Of_Money.doc

[2009/11/03 08:03:18 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 5 of 25-article 8 of 45-certificates of deposit.doc

[2009/11/03 08:02:20 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 4 of 25-article 7 of 45-savings accounts.doc

[2009/11/03 08:00:51 | 00,027,648 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 4 of 25-article 6 of 45-student loans.doc

[2009/11/03 08:00:17 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 3 of 25-article 5 of 45-personal loans.doc

[2009/11/03 07:59:30 | 00,026,624 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 3 of 25-article 4 of 45-mortgage loans.doc

[2009/11/03 07:58:27 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 2 of 25-article 3 of 45-identity theft.doc

[2009/11/03 07:57:29 | 00,026,624 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 2 of 25-article 2 of 45-home loans.doc

[2009/11/03 07:56:33 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 5 of 25-article 9 of 45-auto loans.doc

[2009/11/01 19:00:46 | 00,028,160 | ---- | C] () -- C:\Users\Cassidy\Documents\twitter article.doc

[2009/11/01 18:58:50 | 00,067,584 | ---- | C] () -- C:\Users\Cassidy\Documents\resume ll.doc

[2009/10/29 06:48:05 | 00,524,288 | -HS- | C] () -- C:\Users\Cassidy\ntuser.dat{f4869ad0-c499-11de-af58-0021866afbed}.TMContainer00000000000000000002.regtrans-ms

[2009/10/29 06:48:05 | 00,524,288 | -HS- | C] () -- C:\Users\Cassidy\ntuser.dat{f4869ad0-c499-11de-af58-0021866afbed}.TMContainer00000000000000000001.regtrans-ms

[2009/10/29 06:48:05 | 00,065,536 | -HS- | C] () -- C:\Users\Cassidy\ntuser.dat{f4869ad0-c499-11de-af58-0021866afbed}.TM.blf

[2009/10/28 09:38:18 | 00,091,293 | ---- | C] () -- C:\Users\Cassidy\Desktop\geico policy.pdf

[2009/10/27 20:51:19 | 00,252,660 | ---- | C] () -- C:\Users\Cassidy\Documents\Approved Medicare Prescriptions.pdf

[2009/10/04 09:28:42 | 00,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009/10/04 09:28:42 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009/10/04 09:28:41 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009/10/04 09:28:41 | 00,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/10/04 09:28:40 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009/10/04 09:28:40 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2008/07/22 01:15:25 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/01/20 18:24:38 | 00,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini

[2008/01/20 18:24:29 | 00,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll

[2008/01/20 18:23:00 | 00,021,560 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys

[2007/09/05 11:52:04 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006/11/02 04:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 02:33:01 | 00,690,960 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI

[2006/11/02 02:24:31 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini

[2006/11/02 02:23:31 | 00,000,291 | ---- | C] () -- C:\Windows\win.ini

[2006/11/02 02:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/01 23:09:45 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys

[2006/11/01 23:09:44 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS

[2006/11/01 23:09:44 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS

[2006/11/01 23:09:42 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS

[2006/11/01 23:09:41 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS

[2006/11/01 23:09:40 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS

[2006/11/01 23:09:38 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS

[2006/11/01 23:09:35 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS

[2006/11/01 23:09:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS

[2006/11/01 23:09:29 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS

[2006/11/01 23:09:26 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS

[2006/11/01 23:09:24 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS

[2006/11/01 23:09:23 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS

[2006/11/01 23:09:22 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS

[2006/11/01 23:09:20 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS

[2006/11/01 22:25:08 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll

[2006/03/09 01:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/10/04 09:19:20 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Adobe

[2009/09/27 21:26:05 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Apple Computer

[2009/10/04 11:46:06 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\CyberLink

[2009/10/01 13:06:11 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Google

[2009/09/27 14:28:43 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Hewlett-Packard

[2009/11/19 10:57:10 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\HP

[2008/08/27 19:51:56 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Identities

[2009/10/26 20:12:58 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\LimeWire

[2008/08/27 19:45:19 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Macromedia

[2009/10/26 21:06:43 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Malwarebytes

[2006/11/02 04:37:34 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Media Center Programs

[2009/10/03 22:49:55 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Media Player Classic

[2009/11/23 22:22:52 | 00,000,000 | --SD | M] -- C:\Users\Cassidy\AppData\Roaming\Microsoft

[2009/10/13 20:19:10 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Move Networks

[2009/09/27 16:22:01 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Mozilla

[2009/10/04 12:35:45 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\MPEG Streamclip

[2009/09/27 14:42:25 | 00,027,525 | ---- | M] () -- C:\Users\Cassidy\AppData\Roaming\nvModes.001

[2009/09/27 14:42:24 | 00,027,525 | ---- | M] () -- C:\Users\Cassidy\AppData\Roaming\nvModes.dat

[2009/10/06 18:36:47 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\OpenCandy

[2009/11/23 15:06:58 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\PC Tools

[2009/11/22 01:54:42 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Regensoft

[2008/09/08 18:01:04 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Smith Micro

[2008/08/27 19:52:45 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Symantec

[2009/11/16 17:05:14 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Uniblue

[2009/11/24 15:05:05 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\uTorrent

[2009/09/30 20:38:11 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\WinRAR

[2008/09/11 21:11:59 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Yahoo!

[2009/11/24 14:56:41 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT

[2009/11/24 14:55:17 | 00,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-11-19 15:25:15

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[2007/01/12 21:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2008/01/20 18:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll

[2008/01/20 18:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2008/01/20 18:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll

[2008/01/20 18:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2008/01/20 18:23:00 | 00,021,560 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys

[2006/11/02 01:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >

[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

< %SYSTEMDRIVE%\nvgts.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:CB0AACC9

@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Link to post

Share on other sites

laradj

laradj

Posted November 25, 2009

Author

- Share

Posted November 25, 2009

OTL logfile created on: 11/24/2009 10:30:19 PM - Run 1

OTL by OldTimer - Version 3.1.9.0 Folder = C:\Users\Cassidy\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18828)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 89.91% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 174.47 Gb Total Space | 25.60 Gb Free Space | 14.68% Space Free | Partition Type: NTFS

Drive D: | 11.84 Gb Total Space | 2.00 Gb Free Space | 16.89% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OFFICE-HP

Current User Name: Cassidy

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Cassidy\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)

PRC - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)

PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)

PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()

PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)

PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe ()

PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()

PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)

========== Modules (SafeList) ==========

MOD - C:\Users\Cassidy\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54

c9c04bca\GdiPlus.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\linkinfo.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (ThreatFire) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (PC Tools)

SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)

SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)

SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)

SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (LiveUpdate Notice) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)

SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)

SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)

SRV - (Net Driver HPZ12) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)

SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (HP Health Check Service) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)

SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (QPCapSvc) QuickPlay Background Capture Service (QBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()

SRV - (QPSched) QuickPlay Task Scheduler (QTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe ()

SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (LiveUpdate) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)

SRV - (GameConsoleService) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)

SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()

SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)

SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (TfSysMon) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)

DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)

DRV - (TfFsMon) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)

DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)

DRV - (pctplsg) -- C:\Windows\System32\drivers\pctplsg.sys (PC Tools)

DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)

DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)

DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)

DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)

DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20080911.003\IDSvix86.sys (Symantec Corporation)

DRV - (PTDUWWAN) -- C:\Windows\System32\drivers\PTDUWWAN.sys (DEVGURU Co,LTD.)

DRV - (PTDUVsp) -- C:\Windows\System32\drivers\PTDUVsp.sys (DEVGURU Co,LTD.)

DRV - (PTDUMdm) -- C:\Windows\System32\drivers\PTDUMdm.sys (DEVGURU Co,LTD.)

DRV - (PTDUBus) -- C:\Windows\System32\drivers\PTDUBus.sys (DEVGURU Co,LTD.)

DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (StillCam) -- C:\Windows\System32\drivers\serscan.sys (Microsoft Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (atapi) -- C:\Windows\system32\drivers\atapi.sys ()

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)

DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 0B C9 27 22 45 CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/30 02:15:49 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/04 10:36:28 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Flock 2.0\extensions\\Components: C:\Program Files\Flock\components [2009/10/06 18:37:51 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Flock 2.0\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/10/06 18:37:49 | 00,000,000 | ---D | M]

[2009/09/27 16:22:01 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\mozilla\Extensions

[2009/09/27 16:22:01 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)

O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)

O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Cassidy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll File not found

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab (DASWebDownload Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/24 18:23:11 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 07:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/24 21:59:42 | 00,530,944 | ---- | C] (OldTimer Tools) -- C:\Users\Cassidy\Desktop\OTL.exe

[2009/11/24 20:23:01 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\AppData\Local\Adobe

[2009/11/23 22:32:10 | 00,000,000 | --SD | C] -- C:\q7dlilvj4560q

[2009/11/23 20:55:02 | 00,000,000 | --SD | C] -- C:\q7dlilvj

[2009/11/23 18:34:39 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2009/11/23 18:34:39 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2009/11/23 18:34:39 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2009/11/23 18:34:39 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2009/11/23 18:34:16 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT

[2009/11/23 18:22:10 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/11/23 16:51:57 | 00,000,000 | ---D | C] -- C:\Windows\pss

[2009/11/23 15:25:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/11/23 15:09:28 | 00,059,664 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys

[2009/11/23 15:09:27 | 00,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys

[2009/11/23 15:09:27 | 00,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys

[2009/11/23 15:09:06 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll

[2009/11/23 15:09:06 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll

[2009/11/23 15:09:06 | 00,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll

[2009/11/23 15:07:15 | 00,229,304 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys

[2009/11/23 15:07:15 | 00,097,208 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys

[2009/11/23 15:07:11 | 00,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys

[2009/11/23 15:07:11 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys

[2009/11/23 15:07:03 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys

[2009/11/23 15:06:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2009/11/23 15:06:58 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\AppData\Roaming\PC Tools

[2009/11/23 15:06:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2009/11/23 11:13:53 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2009/11/23 10:27:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Google

[2009/11/23 10:27:03 | 00,000,000 | ---D | C] -- C:\Program Files\Google

[2009/11/23 10:25:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/11/23 10:25:27 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/11/23 10:25:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/11/23 08:34:18 | 00,000,000 | ---D | C] -- C:\ProgramData\wuzakoba

[2009/11/23 08:34:18 | 00,000,000 | ---D | C] -- C:\ProgramData\nuhugofe

[2009/11/23 08:24:09 | 00,000,000 | ---D | C] -- C:\Program Files\Pittsburgh Steelers Toolbar

[2009/11/22 01:54:42 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\AppData\Roaming\Regensoft

[2009/11/21 10:28:03 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2009/11/21 10:27:38 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2009/11/19 12:10:51 | 00,000,000 | ---D | C] -- C:\ProgramData\WEBREG

[2009/11/19 10:57:10 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\AppData\Roaming\HP

[2009/11/19 10:57:07 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\AppData\Local\HP

[2009/11/19 10:55:25 | 00,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant

[2009/11/19 10:51:15 | 00,000,000 | ---D | C] -- C:\Windows\hpojp8500a909

[2009/11/19 10:47:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard

[2009/11/19 10:46:07 | 00,271,704 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll

[2009/11/19 10:46:05 | 00,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l082.dll

[2009/11/19 10:45:50 | 00,966,656 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwtiop4.dll

[2009/11/19 10:45:50 | 00,741,376 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpwwiax5.dll

[2009/11/19 10:45:50 | 00,364,544 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll

[2009/11/19 10:45:50 | 00,294,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst11.dll

[2009/11/19 10:45:23 | 00,000,000 | -H-D | C] -- C:\Config.Msi

[2009/11/16 17:05:14 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\AppData\Roaming\Uniblue

[2009/11/11 10:29:39 | 02,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2009/11/11 10:28:07 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll

[2009/11/08 08:11:27 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2009/11/08 08:11:27 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2009/11/08 08:11:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2009/11/08 08:11:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2009/11/04 08:06:43 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll

[2009/11/04 08:06:42 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2009/11/03 08:04:35 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\Documents\Hawaii tours

[2009/10/28 22:11:33 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2009/10/28 22:00:17 | 00,000,000 | ---D | C] -- C:\beb23200859bb7f796ee84ad0fefa9

[2009/10/26 21:06:43 | 00,000,000 | ---D | C] -- C:\Users\Cassidy\AppData\Roaming\Malwarebytes

[2009/10/26 21:06:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/10/14 12:19:23 | 00,006,944 | ---- | C] () -- C:\Users\Cassidy\AppData\Local\d3d9caps.dat

[2009/09/28 02:30:35 | 00,028,029 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/09/28 02:30:35 | 00,028,029 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/09/27 14:42:24 | 00,027,525 | ---- | C] () -- C:\Users\Cassidy\AppData\Roaming\nvModes.001

[2009/09/27 14:42:23 | 00,027,525 | ---- | C] () -- C:\Users\Cassidy\AppData\Roaming\nvModes.dat

[2008/09/05 18:17:21 | 00,088,576 | ---- | C] () -- C:\Users\Cassidy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/08/27 19:54:32 | 01,966,217 | -H-- | C] () -- C:\Users\Cassidy\AppData\Local\IconCache.db

[2008/08/27 19:52:48 | 00,000,000 | ---- | C] () -- C:\Users\Cassidy\AppData\Local\QSwitch.txt

[2008/08/27 19:52:48 | 00,000,000 | ---- | C] () -- C:\Users\Cassidy\AppData\Local\DSwitch.txt

[2008/08/27 19:52:48 | 00,000,000 | ---- | C] () -- C:\Users\Cassidy\AppData\Local\AtStart.txt

[2008/08/27 19:52:38 | 00,078,664 | ---- | C] () -- C:\Users\Cassidy\AppData\Local\GDIPFONTCACHEV1.DAT

[2008/04/24 18:38:18 | 00,001,231 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2006/11/02 04:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini

[2006/11/02 04:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

[2006/11/02 04:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2006/11/02 04:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2006/11/02 04:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

========== Files - Modified Within 30 Days ==========

[2009/11/24 22:31:03 | 00,012,800 | ---- | M] () -- C:\Windows\System32\tdlclk.dll

[2009/11/24 22:30:27 | 02,883,584 | -HS- | M] () -- C:\Users\Cassidy\ntuser.dat

[2009/11/24 21:59:42 | 00,530,944 | ---- | M] (OldTimer Tools) -- C:\Users\Cassidy\Desktop\OTL.exe

[2009/11/24 21:54:06 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

[2009/11/24 21:01:43 | 00,023,040 | ---- | M] () -- C:\Windows\System32\tdlcmd.dll

[2009/11/24 20:56:40 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/11/24 20:56:40 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/11/24 14:56:56 | 00,028,029 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2009/11/24 14:56:56 | 00,028,029 | ---- | M] () -- C:\ProgramData\nvModes.001

[2009/11/24 14:56:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/11/24 14:56:29 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/11/24 14:56:21 | 31,529,86112 | -HS- | M] () -- C:\hiberfil.sys

[2009/11/24 14:55:38 | 00,524,288 | -HS- | M] () -- C:\Users\Cassidy\ntuser.dat{f4869ad0-c499-11de-af58-0021866afbed}.TMContainer00000000000000000001.regtrans-ms

[2009/11/24 14:55:38 | 00,065,536 | -HS- | M] () -- C:\Users\Cassidy\ntuser.dat{f4869ad0-c499-11de-af58-0021866afbed}.TM.blf

[2009/11/24 14:55:17 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2009/11/24 14:55:14 | 01,966,217 | -H-- | M] () -- C:\Users\Cassidy\AppData\Local\IconCache.db

[2009/11/23 15:35:39 | 00,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2009/11/23 15:25:48 | 00,001,874 | ---- | M] () -- C:\Users\Cassidy\Desktop\HijackThis.lnk

[2009/11/23 15:07:07 | 00,001,759 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk

[2009/11/23 14:49:32 | 00,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2009/11/23 10:25:32 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/11/23 09:34:42 | 00,011,168 | -H-- | M] () -- C:\Windows\System32\mosewisu

[2009/11/22 22:54:57 | 00,088,576 | ---- | M] () -- C:\Users\Cassidy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/22 21:44:16 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 18 of 25-article 35 of 40-identity theft.doc

[2009/11/22 21:43:47 | 00,026,624 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 18 of 25-article 34 of 40-home loans.doc

[2009/11/22 21:43:13 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 17 of 25-article 33 of 40-auto loans.doc

[2009/11/22 21:42:26 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 17 of 25-article 32 of 40-certificates of deposit.doc

[2009/11/22 21:41:59 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 16 of 25-article 31 of 40-savings accounts.doc

[2009/11/22 21:41:31 | 00,028,160 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 16 of 25-article 30 of 40-student loans.doc

[2009/11/22 21:37:20 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 15 of 25-article 29 of 40-personal loans.doc

[2009/11/22 21:03:07 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 15 of 25-article 28 of 40-mortgage loans.doc

[2009/11/22 19:59:52 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 14 of 25-article 27 of 40-identity theft.doc

[2009/11/22 19:21:20 | 00,026,624 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 14 of 25-article 26 of 40-home loans.doc

[2009/11/20 09:24:13 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/11/20 09:24:13 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/11/20 09:24:13 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/11/19 17:50:50 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 13 of 25-article 25 of 40-auto loans.doc

[2009/11/19 17:17:10 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 13 of 25-article 24 of 40-certificates of deposit.doc

[2009/11/19 15:47:12 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 12 of 25-article 23 of 40-savings accounts.doc

[2009/11/19 10:57:33 | 00,188,626 | ---- | M] () -- C:\Windows\hpwins22.dat

[2009/11/19 10:56:58 | 00,000,291 | ---- | M] () -- C:\Windows\win.ini

[2009/11/19 10:55:16 | 00,001,176 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

[2009/11/19 10:54:56 | 00,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk

[2009/11/19 10:53:02 | 00,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2009/11/19 10:42:17 | 00,016,346 | ---- | M] () -- C:\Windows\hpdj5100.his

[2009/11/19 10:42:17 | 00,003,384 | ---- | M] () -- C:\Windows\hpdj5100.ini

[2009/11/19 10:40:12 | 00,000,103 | ---- | M] () -- C:\Windows\System32\hptrace.ini

[2009/11/17 18:47:54 | 00,028,160 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 12 of 25-article 22 of 40-student loans.doc

[2009/11/17 14:51:27 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 11 of 25-article 21 of 40-personal loans.doc

[2009/11/16 18:52:23 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 11 of 25-article 20 of 40-mortgage loans.doc

[2009/11/15 20:51:41 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 10 of 25-article 19 of 40-identity theft.doc

[2009/11/15 20:15:23 | 00,026,624 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 10 of 25-article 18 of 40-home loans.doc

[2009/11/15 19:23:07 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 9 of 25-article 17 of 40-auto loans.doc

[2009/11/15 18:44:18 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 9 of 25-article 16 of 40-certificates of deposit.doc

[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe

[2009/11/13 09:03:21 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 8 of 25-article 15 of 40-savings accounts.doc

[2009/11/12 09:30:22 | 00,028,672 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 8 of 25-article 14 of 40-student loans.doc

[2009/11/12 03:21:49 | 00,317,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/11/10 23:36:43 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 7 of 25-article 13 of 40-personal loans.doc

[2009/11/10 22:40:44 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 7 of 25-article 12 of 40-mortgage loans.doc

[2009/11/09 22:01:44 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 6 of 25-article 11 of 40-identity theft.doc

[2009/11/09 20:09:06 | 00,027,136 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 6 of 25-article 10 of 40-home loans.doc

[2009/11/08 20:59:12 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 5 of 25-article 9 of 45-auto loans.doc

[2009/11/08 20:03:04 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 5 of 25-article 8 of 45-certificates of deposit.doc

[2009/11/08 18:55:21 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 4 of 25-article 7 of 45-savings accounts.doc

[2009/11/08 08:10:48 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2009/11/08 08:10:48 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2009/11/08 08:10:48 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2009/11/08 08:10:48 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2009/11/06 07:15:34 | 00,027,648 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 4 of 25-article 6 of 45-student loans.doc

[2009/11/04 21:42:06 | 00,025,600 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 3 of 25-article 5 of 45-personal loans.doc

[2009/11/04 20:37:45 | 00,026,624 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 3 of 25-article 4 of 45-mortgage loans.doc

[2009/11/04 09:50:19 | 00,029,184 | ---- | M] () -- C:\Users\Cassidy\Documents\Dan Wesley Marine Electronics Blog-Day 5 of Oct-The Good the Bad and the Beauty of Underwater Lights.doc

[2009/11/04 09:50:03 | 00,032,256 | ---- | M] () -- C:\Users\Cassidy\Documents\10-26-09_A_What_If_The_Government_Runs_Out_Of_Money.doc

[2009/11/03 23:00:16 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 2 of 25-article 3 of 45-identity theft.doc

[2009/11/03 21:17:19 | 00,026,624 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 2 of 25-article 2 of 45-home loans.doc

[2009/11/03 09:32:12 | 00,026,112 | ---- | M] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 1 of 25-article 1 of 45-auto loans - Copy.doc

[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2009/11/01 19:00:47 | 00,028,160 | ---- | M] () -- C:\Users\Cassidy\Documents\twitter article.doc

[2009/11/01 18:58:51 | 00,067,584 | ---- | M] () -- C:\Users\Cassidy\Documents\resume ll.doc

[2009/10/30 11:48:55 | 00,524,288 | -HS- | M] () -- C:\Users\Cassidy\ntuser.dat{f4869ad0-c499-11de-af58-0021866afbed}.TMContainer00000000000000000002.regtrans-ms

[2009/10/29 06:12:53 | 00,524,288 | -HS- | M] () -- C:\Users\Cassidy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2009/10/29 06:12:53 | 00,065,536 | -HS- | M] () -- C:\Users\Cassidy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2009/10/28 09:38:18 | 00,091,293 | ---- | M] () -- C:\Users\Cassidy\Desktop\geico policy.pdf

[2009/10/27 20:51:19 | 00,252,660 | ---- | M] () -- C:\Users\Cassidy\Documents\Approved Medicare Prescriptions.pdf

========== Files Created - No Company Name ==========

[2009/11/24 15:01:33 | 00,023,040 | ---- | C] () -- C:\Windows\System32\tdlcmd.dll

[2009/11/24 15:01:33 | 00,012,800 | ---- | C] () -- C:\Windows\System32\tdlclk.dll

[2009/11/23 18:34:39 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe

[2009/11/23 18:34:39 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2009/11/23 18:34:39 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2009/11/23 18:34:39 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2009/11/23 18:34:39 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2009/11/23 15:25:48 | 00,001,874 | ---- | C] () -- C:\Users\Cassidy\Desktop\HijackThis.lnk

[2009/11/23 15:09:06 | 01,152,470 | ---- | C] () -- C:\Windows\UDB.zip

[2009/11/23 15:09:06 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll

[2009/11/23 15:09:06 | 00,000,883 | ---- | C] () -- C:\Windows\RegSDImport.xml

[2009/11/23 15:09:06 | 00,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml

[2009/11/23 15:09:06 | 00,000,131 | ---- | C] () -- C:\Windows\IDB.zip

[2009/11/23 15:07:15 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat

[2009/11/23 15:07:11 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat

[2009/11/23 15:07:11 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat

[2009/11/23 15:07:07 | 00,001,759 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk

[2009/11/23 15:07:03 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat

[2009/11/23 10:25:32 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/11/22 21:44:16 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 18 of 25-article 35 of 40-identity theft.doc

[2009/11/22 21:43:46 | 00,026,624 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 18 of 25-article 34 of 40-home loans.doc

[2009/11/22 21:43:12 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 17 of 25-article 33 of 40-auto loans.doc

[2009/11/22 21:42:25 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 17 of 25-article 32 of 40-certificates of deposit.doc

[2009/11/22 21:41:58 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 16 of 25-article 31 of 40-savings accounts.doc

[2009/11/22 21:41:30 | 00,028,160 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 16 of 25-article 30 of 40-student loans.doc

[2009/11/20 09:17:51 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 15 of 25-article 29 of 40-personal loans.doc

[2009/11/20 09:17:24 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 15 of 25-article 28 of 40-mortgage loans.doc

[2009/11/20 09:16:56 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 14 of 25-article 27 of 40-identity theft.doc

[2009/11/20 09:16:29 | 00,026,624 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 14 of 25-article 26 of 40-home loans.doc

[2009/11/19 10:55:16 | 00,001,176 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

[2009/11/19 10:54:56 | 00,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk

[2009/11/19 10:53:02 | 00,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2009/11/19 10:44:05 | 00,188,626 | ---- | C] () -- C:\Windows\hpwins22.dat

[2009/11/19 10:40:12 | 00,000,103 | ---- | C] () -- C:\Windows\System32\hptrace.ini

[2009/11/19 10:39:27 | 00,016,346 | ---- | C] () -- C:\Windows\hpdj5100.his

[2009/11/19 10:39:27 | 00,003,384 | ---- | C] () -- C:\Windows\hpdj5100.ini

[2009/11/15 21:09:13 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 13 of 25-article 25 of 40-auto loans.doc

[2009/11/15 21:08:04 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 13 of 25-article 24 of 40-certificates of deposit.doc

[2009/11/15 21:07:23 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 12 of 25-article 23 of 40-savings accounts.doc

[2009/11/15 21:06:54 | 00,028,160 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 12 of 25-article 22 of 40-student loans.doc

[2009/11/15 21:06:27 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 11 of 25-article 21 of 40-personal loans.doc

[2009/11/15 21:05:54 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 11 of 25-article 20 of 40-mortgage loans.doc

[2009/11/13 09:11:28 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 10 of 25-article 19 of 40-identity theft.doc

[2009/11/13 09:10:57 | 00,026,624 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 10 of 25-article 18 of 40-home loans.doc

[2009/11/13 09:10:09 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 9 of 25-article 17 of 40-auto loans.doc

[2009/11/13 09:09:27 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 9 of 25-article 16 of 40-certificates of deposit.doc

[2009/11/10 23:41:33 | 00,028,672 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 8 of 25-article 14 of 40-student loans.doc

[2009/11/10 23:38:54 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 8 of 25-article 15 of 40-savings accounts.doc

[2009/11/08 21:15:31 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 7 of 25-article 12 of 40-mortgage loans.doc

[2009/11/08 21:13:58 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 6 of 25-article 11 of 40-identity theft.doc

[2009/11/08 21:12:55 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 7 of 25-article 13 of 40-personal loans.doc

[2009/11/08 21:12:15 | 00,027,136 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 6 of 25-article 10 of 40-home loans.doc

[2009/11/05 09:00:58 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 1 of 25-article 1 of 45-auto loans - Copy.doc

[2009/11/04 09:50:19 | 00,029,184 | ---- | C] () -- C:\Users\Cassidy\Documents\Dan Wesley Marine Electronics Blog-Day 5 of Oct-The Good the Bad and the Beauty of Underwater Lights.doc

[2009/11/04 09:50:02 | 00,032,256 | ---- | C] () -- C:\Users\Cassidy\Documents\10-26-09_A_What_If_The_Government_Runs_Out_Of_Money.doc

[2009/11/03 08:03:18 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 5 of 25-article 8 of 45-certificates of deposit.doc

[2009/11/03 08:02:20 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 4 of 25-article 7 of 45-savings accounts.doc

[2009/11/03 08:00:51 | 00,027,648 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 4 of 25-article 6 of 45-student loans.doc

[2009/11/03 08:00:17 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 3 of 25-article 5 of 45-personal loans.doc

[2009/11/03 07:59:30 | 00,026,624 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 3 of 25-article 4 of 45-mortgage loans.doc

[2009/11/03 07:58:27 | 00,026,112 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 2 of 25-article 3 of 45-identity theft.doc

[2009/11/03 07:57:29 | 00,026,624 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 2 of 25-article 2 of 45-home loans.doc

[2009/11/03 07:56:33 | 00,025,600 | ---- | C] () -- C:\Users\Cassidy\Documents\Wesley-Finance-day 5 of 25-article 9 of 45-auto loans.doc

[2009/11/01 19:00:46 | 00,028,160 | ---- | C] () -- C:\Users\Cassidy\Documents\twitter article.doc

[2009/11/01 18:58:50 | 00,067,584 | ---- | C] () -- C:\Users\Cassidy\Documents\resume ll.doc

[2009/10/29 06:48:05 | 00,524,288 | -HS- | C] () -- C:\Users\Cassidy\ntuser.dat{f4869ad0-c499-11de-af58-0021866afbed}.TMContainer00000000000000000002.regtrans-ms

[2009/10/29 06:48:05 | 00,524,288 | -HS- | C] () -- C:\Users\Cassidy\ntuser.dat{f4869ad0-c499-11de-af58-0021866afbed}.TMContainer00000000000000000001.regtrans-ms

[2009/10/29 06:48:05 | 00,065,536 | -HS- | C] () -- C:\Users\Cassidy\ntuser.dat{f4869ad0-c499-11de-af58-0021866afbed}.TM.blf

[2009/10/28 09:38:18 | 00,091,293 | ---- | C] () -- C:\Users\Cassidy\Desktop\geico policy.pdf

[2009/10/27 20:51:19 | 00,252,660 | ---- | C] () -- C:\Users\Cassidy\Documents\Approved Medicare Prescriptions.pdf

[2009/10/04 09:28:42 | 00,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009/10/04 09:28:42 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009/10/04 09:28:41 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009/10/04 09:28:41 | 00,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/10/04 09:28:40 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009/10/04 09:28:40 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2008/07/22 01:15:25 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/01/20 18:24:38 | 00,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini

[2008/01/20 18:24:29 | 00,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll

[2008/01/20 18:23:00 | 00,021,560 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys

[2007/09/05 11:52:04 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006/11/02 04:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 02:33:01 | 00,690,960 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI

[2006/11/02 02:24:31 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini

[2006/11/02 02:23:31 | 00,000,291 | ---- | C] () -- C:\Windows\win.ini

[2006/11/02 02:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/01 23:09:45 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys

[2006/11/01 23:09:44 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS

[2006/11/01 23:09:44 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS

[2006/11/01 23:09:42 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS

[2006/11/01 23:09:41 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS

[2006/11/01 23:09:40 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS

[2006/11/01 23:09:38 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS

[2006/11/01 23:09:35 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS

[2006/11/01 23:09:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS

[2006/11/01 23:09:29 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS

[2006/11/01 23:09:26 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS

[2006/11/01 23:09:24 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS

[2006/11/01 23:09:23 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS

[2006/11/01 23:09:22 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS

[2006/11/01 23:09:20 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS

[2006/11/01 22:25:08 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll

[2006/03/09 01:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/10/04 09:19:20 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Adobe

[2009/09/27 21:26:05 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Apple Computer

[2009/10/04 11:46:06 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\CyberLink

[2009/10/01 13:06:11 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Google

[2009/09/27 14:28:43 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Hewlett-Packard

[2009/11/19 10:57:10 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\HP

[2008/08/27 19:51:56 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Identities

[2009/10/26 20:12:58 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\LimeWire

[2008/08/27 19:45:19 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Macromedia

[2009/10/26 21:06:43 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Malwarebytes

[2006/11/02 04:37:34 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Media Center Programs

[2009/10/03 22:49:55 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Media Player Classic

[2009/11/23 22:22:52 | 00,000,000 | --SD | M] -- C:\Users\Cassidy\AppData\Roaming\Microsoft

[2009/10/13 20:19:10 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Move Networks

[2009/09/27 16:22:01 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Mozilla

[2009/10/04 12:35:45 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\MPEG Streamclip

[2009/09/27 14:42:25 | 00,027,525 | ---- | M] () -- C:\Users\Cassidy\AppData\Roaming\nvModes.001

[2009/09/27 14:42:24 | 00,027,525 | ---- | M] () -- C:\Users\Cassidy\AppData\Roaming\nvModes.dat

[2009/10/06 18:36:47 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\OpenCandy

[2009/11/23 15:06:58 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\PC Tools

[2009/11/22 01:54:42 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Regensoft

[2008/09/08 18:01:04 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Smith Micro

[2008/08/27 19:52:45 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Symantec

[2009/11/16 17:05:14 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Uniblue

[2009/11/24 15:05:05 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\uTorrent

[2009/09/30 20:38:11 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\WinRAR

[2008/09/11 21:11:59 | 00,000,000 | ---D | M] -- C:\Users\Cassidy\AppData\Roaming\Yahoo!

[2009/11/24 14:56:41 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT

[2009/11/24 14:55:17 | 00,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-11-19 15:25:15

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[2007/01/12 21:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2008/01/20 18:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll

[2008/01/20 18:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2008/01/20 18:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll

[2008/01/20 18:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2008/01/20 18:23:00 | 00,021,560 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys

[2006/11/02 01:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >

[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

< %SYSTEMDRIVE%\nvgts.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:CB0AACC9

@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Link to post

Share on other sites

laradj

laradj

Posted November 25, 2009

Author

- Share

Posted November 25, 2009

OTL Extras logfile created on: 11/24/2009 10:30:20 PM - Run 1

OTL by OldTimer - Version 3.1.9.0 Folder = C:\Users\Cassidy\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18828)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 89.91% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 174.47 Gb Total Space | 25.60 Gb Free Space | 14.68% Space Free | Partition Type: NTFS

Drive D: | 11.84 Gb Total Space | 2.00 Gb Free Space | 16.89% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OFFICE-HP

Current User Name: Cassidy

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-18]

"EnableNotifications" = 0

"EnableNotifications\Ref" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{4A6FFEE5-C5ED-4738-8A0B-731D4652E7B1}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{5168F780-3563-4E94-8F87-21B44D82E172}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E103EDE4-C7F8-448B-B475-60F7CA6AC2FF}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{062621A9-D223-4EB9-83FB-C3163BC5ED8F}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |

"{0F4C0D84-8945-4279-A863-7832BA8BE650}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{11C8DC70-3736-4C5E-AA43-D49EAA46E75F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{11CF649A-B94A-4777-BBC2-B29FB89F961F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{1DD6C315-6D6F-4C88-9A8C-1F4F7A2B9646}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |

"{1EEC080B-4BBC-4436-A369-2A2AE2E1CA50}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{2BA1CFEB-898A-4D94-A9E6-28CAD61219AA}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"{35B1B8FE-48CA-4EA0-8EE8-5BA02E7A4F4D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{4FD9A9A4-1148-4041-B581-3F53F3B34A0A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{555B92D9-EF90-49AB-B587-EE7DAED750B9}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{6435A5D5-321F-405F-AB32-F4CDD8884A4F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{65C96EE3-EE1F-4F75-A615-5D5C61E20ABE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{71E69720-498E-4AC0-B143-D5C5E53EA1E4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{741F79F7-87BD-40DD-BF90-2A458D812D28}" = dir=in | app=e:\setup\hpznui01.exe |

"{74AD4907-3DA3-4921-BBB3-D20857903F06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7A64F80F-8533-4EFB-B519-042409152F3B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |

"{7DAAA77D-D339-4C00-A7D1-42881E692799}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{7EB085B8-344E-41CB-9D92-AB651F064199}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{83A9B118-0636-4C01-B622-3CD39E11C4B0}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"{A097F30A-63C3-4179-8242-351D4AF62150}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{A19BA251-0372-4956-B678-8C01F08A66D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{A5596B96-3587-4484-A583-540B1A484054}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{AF92B6E9-02ED-485F-8196-528D4296F852}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{B078174B-CAB9-422D-8BD4-6B0FD1F6B70C}" = protocol=17 | dir=in | app=c:\jpvedf.exe |

"{B45744D4-86A4-4417-A215-719ED5DE9E9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{B886CDAE-7D75-4194-8002-0783DF489F48}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |

"{BF1A007B-6F94-4FA6-8ED1-16F1109689A1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{BFC63AFD-4FFB-404E-BA61-F98AF7A59333}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |

"{C434E94E-D58F-4FDB-A8E8-948F2C85C7B7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{C48B682E-B5E0-4EFA-87C2-7A54E0146B5C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{CEB005FC-A593-403D-9E0F-B5D6D6CB7B01}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{D0E1E2AF-6703-458D-90FE-855975EEDF5D}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |

"{D1D6E669-9DD7-4B12-8B84-4A3DF994AD90}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{D5304801-E40F-405D-9C35-696BC5396BB4}" = protocol=6 | dir=in | app=c:\jpvedf.exe |

"{EE6E359C-343C-4F65-84B3-0D1D5344E65F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F5FD2F6C-4959-4877-8963-91D77D16EACE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin

"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini

"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant

"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims

Link to post

Share on other sites

laradj

laradj

Posted November 25, 2009

Author

- Share

Posted November 25, 2009

< End of report >

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-18]

"EnableNotifications" = 0

"EnableNotifications\Ref" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{4A6FFEE5-C5ED-4738-8A0B-731D4652E7B1}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{5168F780-3563-4E94-8F87-21B44D82E172}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E103EDE4-C7F8-448B-B475-60F7CA6AC2FF}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{062621A9-D223-4EB9-83FB-C3163BC5ED8F}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |

"{0F4C0D84-8945-4279-A863-7832BA8BE650}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{11C8DC70-3736-4C5E-AA43-D49EAA46E75F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{11CF649A-B94A-4777-BBC2-B29FB89F961F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{1DD6C315-6D6F-4C88-9A8C-1F4F7A2B9646}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |

"{1EEC080B-4BBC-4436-A369-2A2AE2E1CA50}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{2BA1CFEB-898A-4D94-A9E6-28CAD61219AA}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"{35B1B8FE-48CA-4EA0-8EE8-5BA02E7A4F4D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{4FD9A9A4-1148-4041-B581-3F53F3B34A0A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{555B92D9-EF90-49AB-B587-EE7DAED750B9}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{6435A5D5-321F-405F-AB32-F4CDD8884A4F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{65C96EE3-EE1F-4F75-A615-5D5C61E20ABE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{71E69720-498E-4AC0-B143-D5C5E53EA1E4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{741F79F7-87BD-40DD-BF90-2A458D812D28}" = dir=in | app=e:\setup\hpznui01.exe |

"{74AD4907-3DA3-4921-BBB3-D20857903F06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7A64F80F-8533-4EFB-B519-042409152F3B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |

"{7DAAA77D-D339-4C00-A7D1-42881E692799}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{7EB085B8-344E-41CB-9D92-AB651F064199}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{83A9B118-0636-4C01-B622-3CD39E11C4B0}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"{A097F30A-63C3-4179-8242-351D4AF62150}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{A19BA251-0372-4956-B678-8C01F08A66D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{A5596B96-3587-4484-A583-540B1A484054}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{AF92B6E9-02ED-485F-8196-528D4296F852}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{B078174B-CAB9-422D-8BD4-6B0FD1F6B70C}" = protocol=17 | dir=in | app=c:\jpvedf.exe |

"{B45744D4-86A4-4417-A215-719ED5DE9E9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{B886CDAE-7D75-4194-8002-0783DF489F48}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |

"{BF1A007B-6F94-4FA6-8ED1-16F1109689A1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{BFC63AFD-4FFB-404E-BA61-F98AF7A59333}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |

"{C434E94E-D58F-4FDB-A8E8-948F2C85C7B7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{C48B682E-B5E0-4EFA-87C2-7A54E0146B5C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{CEB005FC-A593-403D-9E0F-B5D6D6CB7B01}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{D0E1E2AF-6703-458D-90FE-855975EEDF5D}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |

"{D1D6E669-9DD7-4B12-8B84-4A3DF994AD90}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{D5304801-E40F-405D-9C35-696BC5396BB4}" = protocol=6 | dir=in | app=c:\jpvedf.exe |

"{EE6E359C-343C-4F65-84B3-0D1D5344E65F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F5FD2F6C-4959-4877-8963-91D77D16EACE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin

"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini

"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant

"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims

Link to post

Share on other sites

chamber

Posted November 25, 2009

- Share

Posted November 25, 2009

Hi,

Think that you double posted there.

Download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Link to post

Share on other sites

laradj

laradj

Posted November 26, 2009

Author

- Share

Posted November 26, 2009

Hi,

I followed your instructions and combo fix starts, says it detects rootkit activitity and has to restart, and then begins to scan but after completing some of the stages it crashes my computer and makes the screen go black. I made the mistake of trying it twice before I reread your instruction that said not to rerun it if I have problems.

Sorry for the double otl posts earlier, OTL created 10 text files so I wasn't sure which ones to post.

Happy Thanksgiving and I'll wait for further instructions. Thanks.

Lara

Link to post

Share on other sites

chamber

Posted November 26, 2009

- Share

Posted November 26, 2009

Happy thanksgiving,

My sister lives in America. Must remember to call her.

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

Link to post

Share on other sites

laradj

laradj

Posted November 27, 2009

Author

- Share

Posted November 27, 2009

Here is the GMER log, it's too long for one post.

GMER 1.0.15.15252 - http://www.gmer.net

Rootkit scan 2009-11-26 22:34:24

Windows 6.0.6001 Service Pack 1

Running: zqyjftf2.exe; Driver: C:\Users\Cassidy\AppData\Local\Temp\pwroypod.sys

---- System - GMER 1.0.15 ----

SSDT 8775D160 ZwAlpcConnectPort

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x80796CDC]

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x80796ECE]

SSDT \SystemRoot\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0x807DCB30]

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x807970D6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 370 81CCE934 4 Bytes [60, D1, 75, 87] {PUSHA ; SAL DWORD [EBP-0x79], 0x1}

.text ntkrnlpa.exe!KeSetTimerEx + 43C 81CCEA00 8 Bytes [DC, 6C, 79, 80, CE, 6E, 79, ...] {FSUBR QWORD [ECX+EDI*2-0x80]; INTO ; OUTSB ; JNS 0xffffffffffffff88}

.text ntkrnlpa.exe!KeSetTimerEx + 854 81CCEE18 4 Bytes [30, CB, 7D, 80] {XOR BL, CL; JGE 0xffffffffffffff84}

.text ntkrnlpa.exe!KeSetTimerEx + 918 81CCEEDC 4 Bytes [D6, 70, 79, 80]

.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x8075D000]

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8DC09340, 0x3FA057, 0xE8000020]

? \ArcName\multi(0)disk(0)rdisk(0)partition(1)\Windows\system32\drivers\PctWfpFilter.sys The system cannot find the path specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!CreateServiceA] 711D0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E50000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70BA0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Bonjour\mDNSResponder.exe[316] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E50000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70BA0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ws2_32.dll [ADVAPI32.dll!CreateServiceA] 711D0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ws2_32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ws2_32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ws2_32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ws2_32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\ws2_32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\inetmib1.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\inetmib1.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[392] @ C:\Windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70BA0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E50000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!CreateServiceA] 711D0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\svchost.exe[412] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70B50000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70B90000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E00000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 704F0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 704F0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70B50000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 704F0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E00000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BD0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E40000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E00000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 704F0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 704F0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C10000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70B50000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW] 704F0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!OpenSCManagerW] 70BD0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 704F0000

IAT C:\Windows\system32\svchost.exe[600] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70BA0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E50000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!CreateServiceA] 711D0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\wininit.exe[644] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\services.exe [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\services.exe [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\services.exe [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70BA0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E50000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WININET.dll

Link to post

Share on other sites

laradj

laradj

Posted November 27, 2009

Author

- Share

Posted November 27, 2009

[ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!CreateServiceA] 711D0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\LSASRV.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\LSASRV.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\LSASRV.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\LSASRV.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\LSASRV.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\LSASRV.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\LSASRV.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SAMSRV.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SAMSRV.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SAMSRV.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SAMSRV.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SAMSRV.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SAMSRV.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!CreateServiceA] 711D0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70BA0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E50000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsass.exe[704] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70BA0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E50000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\lsm.exe[712] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\winlogon.exe [ADVAPI32.dll!RegQueryValueExW] 71330000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\winlogon.exe [ADVAPI32.dll!RegSetValueExW] 71430000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\winlogon.exe [ADVAPI32.dll!RegDeleteKeyW] 70AB0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\winlogon.exe [ADVAPI32.dll!OpenSCManagerW] 71180000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadResource] 71090000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 71090000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70E20000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70F20000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70E20000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 71470000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 71370000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 71330000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 71090000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 71330000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70AB0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 71430000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 71090000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70E20000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70E20000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 71430000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70AB0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 71330000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeviceIoControl] 70F20000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadResource] 71090000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegQueryValueExW] 71330000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 71430000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70E20000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 71090000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70F20000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 71100000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 71140000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 71470000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 713B0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 71430000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70AB0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 71330000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 71370000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70E20000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 71090000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70F20000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 71100000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 71430000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70AB0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 71330000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 713B0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 71180000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 71370000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70E20000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 713F0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 713B0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 71330000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70AB0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 71430000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 71370000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 71330000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 71430000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70AB0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 71470000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 71370000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 711C0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70E20000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 71090000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 71100000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!OpenSCManagerA] 711C0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExW] 71330000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExW] 71430000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 71470000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] 71370000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!DeviceIoControl] 70F20000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegSetValueExA] 71470000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegQueryValueExW] 71330000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 71430000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExA] 71370000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerA] 711C0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerW] 71180000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegDeleteKeyW] 70AB0000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExW] 71330000

IAT C:\Windows\system32\winlogon.exe[736] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] 70E20000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70BA0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E50000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!CreateServiceA] 711D0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\System32\SAMLIB.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\System32\SAMLIB.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\System32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\System32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\System32\svchost.exe[800] @ C:\Windows\System32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E50000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70BA0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\DRIVERS\xaudio.exe[896] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70B50000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70B90000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E00000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70B50000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E00000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BD0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E40000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E00000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C10000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70B50000

IAT C:\Windows\system32\svchost.exe[900] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[900] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[900] @ c:\windows\system32\USERENV.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[900] @ c:\windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[900] @ c:\windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[900] @ c:\windows\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[900] @ c:\windows\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[900] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[900] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[900] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!OpenSCManagerW] 70BD0000

IAT C:\Windows\system32\svchost.exe[900] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!RegQueryValueW] 70E00000

IAT C:\Windows\system32\svchost.exe[900] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[900] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[900] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!CreateServiceA] 711C0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!OpenSCManagerA] 70C10000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!OpenSCManagerW] 70BD0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerA] 70C10000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerW] 70BD0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExW]

Link to post

Share on other sites

laradj

laradj

Posted November 27, 2009

Author

- Share

Posted November 27, 2009

IAT C:\Windows\system32\svchost.exe[900] @ C:\Windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70BA0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E50000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!CreateServiceA] 711D0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\system32\nvvsvc.exe[952] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70B50000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70B90000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E00000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70B50000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E00000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BD0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E40000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E00000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C10000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70B50000

IAT C:\Windows\system32\svchost.exe[980] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[980] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[980] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!OpenSCManagerW] 70BD0000

IAT C:\Windows\system32\svchost.exe[980] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!RegQueryValueW] 70E00000

IAT C:\Windows\system32\svchost.exe[980] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[980] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[980] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!CreateServiceA] 711C0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!OpenSCManagerA] 70C10000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[980] @ c:\windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[980] @ c:\windows\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[980] @ c:\windows\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!OpenSCManagerW] 70BD0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeviceIoControl] 70970000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadResource] 70AE0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerA] 70C10000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerW] 70BD0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegDeleteKeyW] 70500000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] 70870000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000

IAT C:\Windows\system32\svchost.exe[980] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 70D20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70810000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70A80000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70810000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70910000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70810000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70E60000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70D60000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70810000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70A80000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70910000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70AF0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70B30000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70E60000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70DA0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 704A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70D60000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70A80000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70810000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70A80000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 704A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70810000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70A80000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70910000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70AF0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 704A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70DA0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70B70000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70D60000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70810000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70DE0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70DA0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 704A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70D60000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 704A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70E60000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70D60000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70BB0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70810000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70A80000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70AF0000

IAT C:\Windows\System32\svchost.exe[1076] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!DeviceIoControl] 70910000

IAT C:\Windows\System32\svchost.exe[1076] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!LoadResource] 70A80000

IAT C:\Windows\System32\svchost.exe[1076] @ c:\windows\system32\USERENV.dll [ADVAPI32.dll!RegQueryValueExW] 70D20000

IAT C:\Windows\System32\svchost.exe[1076] @ c:\windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 70E20000

IAT C:\Windows\System32\svchost.exe[1076] @ c:\windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E20000

IAT C:\Windows\System32\svchost.exe[1076] @ c:\windows\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 704A0000

IAT C:\Windows\System32\svchost.exe[1076] @ c:\windows\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 70E20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] 70D20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA] 70D60000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW] 704A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 70E60000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!OpenSCManagerW] 70B70000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!WriteFile] 70810000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadResource] 70A80000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 70E20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExA] 70D60000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerA] 70BB0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerW] 70B70000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\NETAPI32.dll [ADVAPI32.dll!RegDeleteKeyW] 704A0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExW] 70D20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\System32\NETAPI32.dll [KERNEL32.dll!WriteFile] 70810000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!CreateServiceA] 71160000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!OpenSCManagerA] 70BB0000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExW] 70D20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExW] 70E20000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 70E60000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] 70D60000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!DeviceIoControl] 70910000

IAT C:\Windows\System32\svchost.exe[1076] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1076] @ c:\windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExA] 70D60000

IAT C:\Windows\System32\svchost.exe[1076] @ c:\windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExW] 70D20000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70BA0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E50000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E10000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WININET.dll [uSER32.dll!GetWindowTextW] 70B60000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!CreateServiceA] 711D0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\SAMLIB.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\SAMLIB.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 70ED0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\USERENV.dll [KERNEL32.dll!DeviceIoControl] 70980000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\USERENV.dll [KERNEL32.dll!LoadResource] 70AF0000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\USERENV.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\System32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[1104] @ c:\windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 70E90000

IAT C:\Windows\System32\svchost.exe[1104] @ c:\windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[1104] @ c:\windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerA] 70C20000

IAT C:\Windows\System32\svchost.exe[1104] @ c:\windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerW] 70BE0000

IAT C:\Windows\System32\svchost.exe[1104] @ c:\windows\system32\NETAPI32.dll [ADVAPI32.dll!RegDeleteKeyW] 70510000

IAT C:\Windows\System32\svchost.exe[1104] @ c:\windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\System32\svchost.exe[1104] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] 70880000

IAT C:\Windows\System32\svchost.exe[1104] @ c:\windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExA] 70DD0000

IAT C:\Windows\System32\svchost.exe[1104] @ c:\windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExW] 70D90000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 70CE0000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 707C0000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70A40000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 707C0000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 708C0000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 707C0000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70E20000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70D20000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70CE0000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 707C0000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70A40000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716A0000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 708C0000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextW] 70AB0000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetWindowTextA] 70AF0000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70E20000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70D60000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70DE0000

IAT C:\Windows\system32\svchost.exe[1140] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW]