Analysis Summary:

Analysis Date: 20.12.2006 15:01:08
Sandbox Version: Beta 1.83
Filename: 9745d126b8c362c489c8820c301b1147.exe

Technical Details:

Analysis Number: 1
Parent ID: 0
Process ID: 1156
Filename: c:\9745d126b8c362c489c8820c301b1147.exe
Filesize: 1493429 bytes
MD5: 9745d126b8c362c489c8820c301b1147
Start Reason: AnalysisTarget
Termination Reason: NormalTermination
Start Time: 00:00.031
Stop Time: 00:15.125
Detection: OK (ClamAV)
OK (BDC/Linux-Console)
OK (AntiVir Workstation)
DLL-Handling
Loaded DLLs
c:\9745d126b8c362c489c8820c301b1147.exe
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\wsock32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\Wship6.dll
C:\WINDOWS\system32\pstorec.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\Secur32.dll
shell32.dll
uxtheme.dll
Filesystem
New Files
C:\DOCUME~1\foobar\LOCALS~1\Temp\is-9AGSG.tmp\is-S02CG.tmp
Opened Files
c:\9745d126b8c362c489c8820c301b1147.exe
\SystemRoot\AppPatch\sysmain.sdb
\SystemRoot\AppPatch\systest.sdb
\Device\NamedPipe\ShimViewer
C:\DOCUME~1\foobar\LOCALS~1\Temp\is-9AGSG.tmp\is-S02CG.tmp
Deleted Files
C:\DOCUME~1\foobar\LOCALS~1\Temp\is-9AGSG.tmp\is-S02CG.tmp
Chronological order
Open File: c:\9745d126b8c362c489c8820c301b1147.exe (OPEN_EXISTING)
Get File Attributes: C:\DOCUME~1\foobar\LOCALS~1\Temp Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-9AGSG.tmp Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-9AGSG.tmp\is-S02CG.tmp Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-9AGSG.tmp\is-S02CG.tmp
Open File: \SystemRoot\AppPatch\sysmain.sdb (OPEN_EXISTING)
Open File: \SystemRoot\AppPatch\systest.sdb (OPEN_EXISTING)
Open File: \Device\NamedPipe\ShimViewer (OPEN_EXISTING)
Open File: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-9AGSG.tmp\is-S02CG.tmp ()
Find File: is-S02CG.tmp
Delete File: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-9AGSG.tmp\is-S02CG.tmp
Registry
Reads
Software\Microsoft\Windows\CurrentVersion\ThemeManager "Compositing"
Control Panel\Desktop "LameButtonText"
\Registry\Machine\SYSTEM\WPA\MediaCenter "Installed"
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers "C:\Documents and Settings\foobar\Local Settings\Temp\is-9AGSG.tmp\is-S02CG.tmp"
Process Management
Creates Process - Filename () CommandLine: ("C:\DOCUME~1\foobar\LOCALS~1\Temp\is-9AGSG.tmp\is-S02CG.tmp" /SL4 $B01EE "c:\9745d126b8c362c489c8820c301b1147.exe" 1211696 175104 ) As User: () Creation Flags: ()
Kill Process - Filename () CommandLine: () Target PID: (1156) As User: () Creation Flags: ()
System Info
Get System Time
Window
Enum Windows
Destroy Window - Class Name (Static) Window Name (InnoSetupLdrWindow)

The following process was started by process: 1
Analysis Number: 2
Parent ID: 1
Process ID: 216
Filename: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-9AGSG.tmp\is-S02CG.tmp /SL4 $B01EE c:\9745d126b8c362c489c8820c301b1147.exe 1211696 175104
Filesize: -1 bytes
MD5:
Start Reason: CreateProcess
Termination Reason: NormalTermination
Start Time: 00:02.922
Stop Time: 00:14.922
COM
COM Create Instance: shell32.dll, ProgID: (lnkfile), Interface ID: ({000214EE-0000-0000-C000-000000000046})
DLL-Handling
Loaded DLLs
C:\DOCUME~1\foobar\LOCALS~1\Temp\is-9AGSG.tmp\is-S02CG.tmp
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\mpr.dll
C:\WINDOWS\system32\version.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\wsock32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\Wship6.dll
C:\WINDOWS\system32\pstorec.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\Secur32.dll
uxtheme.dll
shell32.dll
shfolder.dll
ole32.dll
RICHED20.DLL
advapi32.dll
kernel32.dll
C:\WINDOWS\system32\sfc.dll
comctl32.dll
ntshrui.dll
netapi32
Filesystem
New Files
C:\DOCUME~1\foobar\LOCALS~1\Temp\is-RFVHA.tmp\_isetup\_RegDLL.tmp
C:\DOCUME~1\foobar\LOCALS~1\Temp\is-RFVHA.tmp\_isetup\_shfoldr.dll
C:\Program Files\Registry Cleaner\unins000.dat
C:\Program Files\Registry Cleaner\is-39KJI.tmp
C:\Program Files\Registry Cleaner\unins000.exe
C:\Program Files\Registry Cleaner\is-MDTR0.tmp
C:\Program Files\Registry Cleaner\RegistryCleaner.exe
C:\Program Files\Registry Cleaner\is-IRJDF.tmp
C:\Program Files\Registry Cleaner\backup.xml
C:\Program Files\Registry Cleaner\is-PECC1.tmp
C:\Program Files\Registry Cleaner\ignore.xml
C:\Program Files\Registry Cleaner\is-7UIG4.tmp
C:\Program Files\Registry Cleaner\bholist.xml
C:\Documents and Settings\foobar\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Cleaner.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner\Registry Cleaner.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner\Uninstall.lnk
C:\Documents and Settings\foobar\Desktop\Registry Cleaner.lnk
C:\Documents and Settings\foobar\Start Menu\Registry Cleaner.lnk
C:\Program Files\Registry Cleaner\unins000.dat
Opened Files
C:\DOCUME~1\foobar\LOCALS~1\Temp\is-9AGSG.tmp\is-S02CG.tmp
c:\9745d126b8c362c489c8820c301b1147.exe
\\.\PIPE\lsarpc
\\.\PIPE\SfcApi
C:\WINDOWS\Registration\R000000000014.clb
\\.\PIPE\srvsvc
\\.\PIPE\wkssvc
\SystemRoot\AppPatch\sysmain.sdb
\SystemRoot\AppPatch\systest.sdb
\Device\NamedPipe\ShimViewer
C:\Program Files\Registry Cleaner\RegistryCleaner.exe
Deleted Files
C:\Documents and Settings\foobar\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Cleaner.lnk
C:\Documents and Settings\foobar\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Cleaner.pif
C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner\Registry Cleaner.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner\Registry Cleaner.pif
C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner\Uninstall.pif
C:\Documents and Settings\foobar\Desktop\Registry Cleaner.lnk
C:\Documents and Settings\foobar\Desktop\Registry Cleaner.pif
C:\Documents and Settings\foobar\Start Menu\Registry Cleaner.lnk
C:\Documents and Settings\foobar\Start Menu\Registry Cleaner.pif
C:\DOCUME~1\foobar\LOCALS~1\Temp\is-RFVHA.tmp\_isetup\_RegDLL.tmp
C:\DOCUME~1\foobar\LOCALS~1\Temp\is-RFVHA.tmp\_isetup\_shfoldr.dll
Chronological order
Open File: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-9AGSG.tmp\is-S02CG.tmp (OPEN_EXISTING)
Open File: c:\9745d126b8c362c489c8820c301b1147.exe (OPEN_EXISTING)
Get File Attributes: C:\DOCUME~1\foobar\LOCALS~1\Temp Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-RFVHA.tmp Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-RFVHA.tmp\_isetup\_RegDLL.tmp
Create File: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-RFVHA.tmp\_isetup\_shfoldr.dll
Find File: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-9AGSG.tmp\is-S02CG.tmp
Get File Attributes: C:\WINDOWS\ Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Get File Attributes: C:\Documents and Settings\foobar\Start Menu\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\foobar\Start Menu\Programs\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\ Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Program Files\Registry Cleaner Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Program Files Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Program Files\Registry Cleaner\backup Flags: (SECURITY_ANONYMOUS)
Find File: C:\Program Files\Registry Cleaner\unins???.*
Create File: C:\Program Files\Registry Cleaner\unins000.dat
Open File: \\.\PIPE\SfcApi (OPEN_EXISTING)
Get File Attributes: C:\Program Files\Registry Cleaner\unins000.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Program Files\Registry Cleaner\is-39KJI.tmp Flags: (SECURITY_ANONYMOUS)
Create File: C:\Program Files\Registry Cleaner\is-39KJI.tmp
Set File Time: C:\Program Files\Registry Cleaner\is-39KJI.tmp
Move File: C:\Program Files\Registry Cleaner\is-39KJI.tmp to C:\Program Files\Registry Cleaner\unins000.exe
Get File Attributes: C:\Program Files\Registry Cleaner\RegistryCleaner.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Program Files\Registry Cleaner\is-MDTR0.tmp Flags: (SECURITY_ANONYMOUS)
Create File: C:\Program Files\Registry Cleaner\is-MDTR0.tmp
Set File Time: C:\Program Files\Registry Cleaner\is-MDTR0.tmp
Move File: C:\Program Files\Registry Cleaner\is-MDTR0.tmp to C:\Program Files\Registry Cleaner\RegistryCleaner.exe
Get File Attributes: C:\Program Files\Registry Cleaner\backup.xml Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Program Files\Registry Cleaner\is-IRJDF.tmp Flags: (SECURITY_ANONYMOUS)
Create File: C:\Program Files\Registry Cleaner\is-IRJDF.tmp
Set File Time: C:\Program Files\Registry Cleaner\is-IRJDF.tmp
Move File: C:\Program Files\Registry Cleaner\is-IRJDF.tmp to C:\Program Files\Registry Cleaner\backup.xml
Get File Attributes: C:\Program Files\Registry Cleaner\ignore.xml Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Program Files\Registry Cleaner\is-PECC1.tmp Flags: (SECURITY_ANONYMOUS)
Create File: C:\Program Files\Registry Cleaner\is-PECC1.tmp
Set File Time: C:\Program Files\Registry Cleaner\is-PECC1.tmp
Move File: C:\Program Files\Registry Cleaner\is-PECC1.tmp to C:\Program Files\Registry Cleaner\ignore.xml
Get File Attributes: C:\Program Files\Registry Cleaner\bholist.xml Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Program Files\Registry Cleaner\is-7UIG4.tmp Flags: (SECURITY_ANONYMOUS)
Create File: C:\Program Files\Registry Cleaner\is-7UIG4.tmp
Set File Time: C:\Program Files\Registry Cleaner\is-7UIG4.tmp
Move File: C:\Program Files\Registry Cleaner\is-7UIG4.tmp to C:\Program Files\Registry Cleaner\bholist.xml
Get File Attributes: C:\Documents and Settings\foobar\Application Data\Microsoft\Internet Explorer\Quick Launch Flags: (SECURITY_ANONYMOUS)
Delete File: C:\Documents and Settings\foobar\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Cleaner.lnk
Delete File: C:\Documents and Settings\foobar\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Cleaner.pif
Get File Attributes: C:\WINDOWS\Registration Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\Registration\R000000000014.clb (OPEN_EXISTING)
Get File Attributes: C:\Program Files\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\foobar\My Documents\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\All Users\Documents\desktop.ini Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\srvsvc (OPEN_EXISTING)
Get File Attributes: C:\Documents and Settings\foobar\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Cleaner.lnk Flags: (SECURITY_ANONYMOUS)
Create File: C:\Documents and Settings\foobar\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Cleaner.lnk
Get File Attributes: C:\Documents and Settings\All Users\Start Menu\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\All Users\Application Data\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\foobar\Application Data\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\foobar\My Documents\My Pictures\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\All Users\Documents\My Pictures\desktop.ini Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\wkssvc (OPEN_EXISTING)
Get File Attributes: C:\Documents and Settings\All Users\Documents\My Music\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\All Users\Documents\My Videos\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\All Users\Start Menu\Programs Flags: (SECURITY_ANONYMOUS)
Delete File: C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner\Registry Cleaner.lnk
Delete File: C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner\Registry Cleaner.pif
Get File Attributes: C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner\Registry Cleaner.lnk Flags: (SECURITY_ANONYMOUS)
Create File: C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner\Registry Cleaner.lnk
Delete File: C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner\Uninstall.lnk
Delete File: C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner\Uninstall.pif
Get File Attributes: C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner\Uninstall.lnk Flags: (SECURITY_ANONYMOUS)
Create File: C:\Documents and Settings\All Users\Start Menu\Programs\Registry Cleaner\Uninstall.lnk
Get File Attributes: C:\Documents and Settings\foobar\Desktop Flags: (SECURITY_ANONYMOUS)
Delete File: C:\Documents and Settings\foobar\Desktop\Registry Cleaner.lnk
Delete File: C:\Documents and Settings\foobar\Desktop\Registry Cleaner.pif
Get File Attributes: C:\Documents and Settings\foobar\Desktop\Registry Cleaner.lnk Flags: (SECURITY_ANONYMOUS)
Create File: C:\Documents and Settings\foobar\Desktop\Registry Cleaner.lnk
Get File Attributes: C:\Documents and Settings\foobar\Start Menu Flags: (SECURITY_ANONYMOUS)
Delete File: C:\Documents and Settings\foobar\Start Menu\Registry Cleaner.lnk
Delete File: C:\Documents and Settings\foobar\Start Menu\Registry Cleaner.pif
Get File Attributes: C:\Documents and Settings\foobar\Start Menu\Registry Cleaner.lnk Flags: (SECURITY_ANONYMOUS)
Create File: C:\Documents and Settings\foobar\Start Menu\Registry Cleaner.lnk
Create File: C:\Program Files\Registry Cleaner\unins000.dat
Open File: \SystemRoot\AppPatch\sysmain.sdb (OPEN_EXISTING)
Open File: \SystemRoot\AppPatch\systest.sdb (OPEN_EXISTING)
Open File: \Device\NamedPipe\ShimViewer (OPEN_EXISTING)
Open File: C:\Program Files\Registry Cleaner\RegistryCleaner.exe ()
Find File: RegistryCleaner.exe
Find File: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-RFVHA.tmp\*
Get File Attributes: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-RFVHA.tmp\_isetup Flags: (SECURITY_ANONYMOUS)
Find File: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-RFVHA.tmp\_isetup\*
Delete File: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-RFVHA.tmp\_isetup\_RegDLL.tmp
Delete File: C:\DOCUME~1\foobar\LOCALS~1\Temp\is-RFVHA.tmp\_isetup\_shfoldr.dll
INI Files
Read INI File
C:\Documents and Settings\foobar\Start Menu\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\foobar\Start Menu\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\foobar\Start Menu\Programs\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\foobar\Start Menu\Programs\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\foobar\Start Menu\Programs\desktop.ini [.ShellClassInfo] IconFile =
WIN.INI [windows] ScrollInset =
WIN.INI [windows] DragDelay =
WIN.INI [windows] DragMinDist =
WIN.INI [windows] ScrollDelay =
WIN.INI [windows] ScrollInterval =
WIN.INI [richedit30] flags =
C:\Documents and Settings\foobar\My Documents\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\foobar\My Documents\desktop.ini [DeleteOnCopy.A] Owner =
C:\Documents and Settings\foobar\My Documents\desktop.ini [DeleteOnCopy] PersonalizedName =
C:\Documents and Settings\foobar\My Documents\desktop.ini [DeleteOnCopy.A] PersonalizedName =
C:\Documents and Settings\All Users\Documents\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\All Users\Documents\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\All Users\Start Menu\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\All Users\Start Menu\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\All Users\Application Data\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\All Users\Application Data\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\foobar\Application Data\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\foobar\Application Data\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\foobar\My Documents\My Pictures\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\foobar\My Documents\My Pictures\desktop.ini [DeleteOnCopy.A] Owner =
C:\Documents and Settings\foobar\My Documents\My Pictures\desktop.ini [DeleteOnCopy] PersonalizedName =
C:\Documents and Settings\foobar\My Documents\My Pictures\desktop.ini [DeleteOnCopy.A] PersonalizedName =
C:\Documents and Settings\All Users\Documents\My Pictures\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\All Users\Documents\My Pictures\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\All Users\Documents\My Music\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\All Users\Documents\My Music\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\All Users\Documents\My Videos\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\All Users\Documents\My Videos\desktop.ini [.ShellClassInfo] LocalizedResourceName =
Network Shares
Enum Network Shares - Network Ressource: () Host: ()
Registry
Create or Open
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1
Changes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Registry Cleaner" = C:\Program Files\Registry Cleaner\RegistryCleaner.exe /scan
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1 "Inno Setup: Setup Version" = 5.1.6
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1 "Inno Setup: App Path" = C:\Program Files\Registry Cleaner
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1 "InstallLocation" = C:\Program Files\Registry Cleaner\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1 "Inno Setup: Icon Group" = Registry Cleaner
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1 "Inno Setup: User" = foobar
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1 "Inno Setup: Selected Tasks" = quicklaunchicon,desktopicon,startmenuicon,startupicon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1 "Inno Setup: Deselected Tasks" =
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1 "DisplayName" = Registry Cleaner
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1 "UninstallString" = "C:\Program Files\Registry Cleaner\unins000.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1 "QuietUninstallString" = "C:\Program Files\Registry Cleaner\unins000.exe" /SILENT
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1 "NoModify" = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1 "NoRepair" = [REG_DWORD, value: 00000001]
Reads
Software\Microsoft\Windows\CurrentVersion\ThemeManager "Compositing"
Control Panel\Desktop "LameButtonText"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion "ProgramFilesDir"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion "CommonFilesDir"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion "RegisteredOwner"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion "RegisteredOrganization"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager "PendingFileRenameOperations"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager "PendingFileRenameOperations2"
HKEY_CLASSES_ROOT "Network\SharingHandler"
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ProductOptions "ProductType"
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\DefaultSecurity "SrvsvcDefaultShareInfo"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1\Registry\Machine\SYSTEM\WPA\MediaCenter "Installed"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7746447A-AED4-4A85-A934-13A1A4CF1876}_is1\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers "C:\Program Files\Registry Cleaner\RegistryCleaner.exe"
Process Management
Creates Process - Filename () CommandLine: ("C:\Program Files\Registry Cleaner\RegistryCleaner.exe" /scan) As User: () Creation Flags: (CREATE_DEFAULT_ERROR_MODE)
Kill Process - Filename () CommandLine: () Target PID: (216) As User: () Creation Flags: ()
Open Process - Filename (C:\WINDOWS\Explorer.EXE) Target PID: (1584)
System Info
Get System Directory
Get Windows Directory
Get Computer Name
Get System Time
User Management
Get User Name
Window
Enum Windows
Destroy Window - Class Name (TWizardForm) Window Name (Setup - Registry Cleaner)
Destroy Window - Class Name (ComboLBox) Window Name ()
Destroy Window - Class Name (TMainForm) Window Name (Setup - Registry Cleaner)
Destroy Window - Class Name (TApplication) Window Name (Setup)

The following process was started by process: 2
Analysis Number: 3
Parent ID: 2
Process ID: 1892
Filename: C:\Program Files\Registry Cleaner\RegistryCleaner.exe /scan
Filesize: -1 bytes
MD5:
Start Reason: CreateProcess
Termination Reason: Timeout
Start Time: 00:14.594
Stop Time: 02:00.906
COM
COM Create Instance: C:\WINDOWS\system32\shdocvw.dll, ProgID: (Shell.Explorer.2), Interface ID: ({00000112-0000-0000-C000-000000000046})
COM Create Instance: , ProgID: (), Interface ID: ({00020400-0000-0000-C000-000000000046})
COM Create Instance: %SystemRoot%\system32\msxml3.dll, ProgID: (Msxml2.DOMDocument.3.0), Interface ID: ({00020400-0000-0000-C000-000000000046})
COM Create Instance: shell32.dll, ProgID: (lnkfile), Interface ID: ({000214EE-0000-0000-C000-000000000046})
COM Create Instance: %SystemRoot%\system32\shdocvw.dll, ProgID: (), Interface ID: ({000214E6-0000-0000-C000-000000000046})
COM Create Instance: %SystemRoot%\system32\webcheck.dll, ProgID: (), Interface ID: ({085FB2C0-0DF8-11D1-8F4B-00A0C905413F})
COM Create Instance: shdocvw.dll, ProgID: (InternetShortcut), Interface ID: ({CABB0DA0-DA57-11CF-9974-0020AFD79762})
COM Create Instance: C:\WINDOWS\system32\urlmon.dll, ProgID: (), Interface ID: ({79EAC9EE-BAF9-11CE-8C82-00AA004BA90B})
DLL-Handling
Loaded DLLs
C:\Program Files\Registry Cleaner\RegistryCleaner.exe
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\mpr.dll
C:\WINDOWS\system32\version.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\wsock32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\Wship6.dll
C:\WINDOWS\system32\pstorec.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\Secur32.dll
uxtheme.dll
olepro32.dll
advapi32.dll
kernel32.dll
comctl32.dll
RichEd20.dll
SHELL32.dll
ole32.dll
WININET.dll
OLE32
WINHTTP.dll
C:\WINDOWS\system32\msxml3r.dll
OLEAUT32.dll
appHelp.dll
netapi32
C:\WINDOWS\system32\shdoclc.dll
urlmon.dll
VERSION.dll
Filesystem
Opened Files
C:\WINDOWS\Registration\R000000000014.clb
C:\Program Files\Registry Cleaner\backup.xml
\\.\PIPE\lsarpc
ignore.xml
\\.\PIPE\wkssvc
C:\WINDOWS\system32\webcheck.dll
\SystemRoot\AppPatch\sysmain.sdb
\SystemRoot\AppPatch\systest.sdb
\Device\NamedPipe\ShimViewer
C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\urlmon.dll
C:\Program Files\Internet Explorer\iexplore.exe
Chronological order
Get File Attributes: C:\WINDOWS\Registration Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\Registration\R000000000014.clb (OPEN_EXISTING)
Find File: C:\Program Files\Registry Cleaner\RegistryCleaner.exe
Get File Attributes: C:\Program Files\Registry Cleaner\Backup Flags: (SECURITY_ANONYMOUS)
Find File: C:\Program Files\Registry Cleaner\backup.xml
Open File: C:\Program Files\Registry Cleaner\backup.xml (OPEN_EXISTING)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Find File: ignore.xml
Open File: ignore.xml (OPEN_EXISTING)
Find File: C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe
Find File: C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe
Find File: C:\WINDOWS\system32\cmmgr32.exe
Get File Attributes: C:\WINDOWS\system32\cmmgr32.exe Flags: (SECURITY_ANONYMOUS)
Find File: C:\Program Files\NetMeeting\conf.exe
Find File: C:\Program Files\Windows NT\dialer.exe
Find File: C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
Find File: C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe
Find File: "C:\Program Files\Windows NT\hypertrm.exe"
Find File: c:\program files\windows nt\hypertrm.exe
Find File: "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
Find File: c:\program files\internet explorer\connection wizard\icwconn1.exe
Find File: "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
Find File: c:\program files\internet explorer\connection wizard\icwconn2.exe
Find File: C:\Program Files\Internet Explorer\iexplore.exe
Find File: C:\WINDOWS\system32\inetsrv\inetmgr.exe
Find File: "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
Find File: c:\program files\internet explorer\connection wizard\inetwiz.exe
Find File: "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
Find File: c:\program files\internet explorer\connection wizard\isignup.exe
Find File: %SystemRoot%\system32\usmt\migwiz.exe
Find File: C:\WINDOWS\system32\usmt\migwiz.exe
Find File: C:\Program Files\Movie Maker\moviemk.exe
Find File: "C:\Program Files\Windows Media Player\mplayer2.exe"
Find File: c:\program files\windows media player\mplayer2.exe
Find File: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
Find File: %ProgramFiles%\Outlook Express\msimn.exe
Find File: C:\Program Files\outlook express\msimn.exe
Find File: C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
Find File: C:\Program Files\Messenger\msmsgs.exe
Find File: %SystemRoot%\system32\mspaint.exe
Find File: C:\WINDOWS\system32\mspaint.exe
Find File: C:\Program Files\Windows NT\Pinball\pinball.exe
Find File: C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe
Find File: C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe
Find File: %ProgramFiles%\Outlook Express\wab.exe
Find File: C:\Program Files\outlook express\wab.exe
Find File: %ProgramFiles%\Outlook Express\wabmig.exe
Find File: C:\Program Files\outlook express\wabmig.exe
Find File: C:\Program Files\Windows Media Player\wmplayer.exe
Find File: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"
Find File: C:\Program Files\windows nt\accessories\wordpad.exe
Find File: oleaut32.dll
Find File: C:\WINDOWS\oleaut32.dll
Find File: C:\WINDOWS\system32\oleaut32.dll
Find File: C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dll
Find File: ole32.dll
Find File: C:\WINDOWS\ole32.dll
Find File: C:\WINDOWS\system32\ole32.dll
Find File: C:\Program Files\Common Files\System\ado\msado15.dll
Find File: C:\Program Files\Common Files\System\ado\msadox.dll
Find File: avifile.dll
Find File: C:\WINDOWS\avifile.dll
Find File: C:\WINDOWS\system32\avifile.dll
Find File: avifil32.dll
Find File: C:\WINDOWS\avifil32.dll
Find File: C:\WINDOWS\system32\avifil32.dll
Find File: ole2disp.dll
Find File: C:\WINDOWS\ole2disp.dll
Find File: C:\WINDOWS\system32\ole2disp.dll
Find File: {98de59a0-d175-11cd-a7bd-00006b827d94}
Find File: C:\WINDOWS\{98de59a0-d175-11cd-a7bd-00006b827d94}
Find File: C:\WINDOWS\system32\{98de59a0-d175-11cd-a7bd-00006b827d94}.exe
Find File: C:\WINDOWS\system32\{98de59a0-d175-11cd-a7bd-00006b827d94}
Get File Attributes: {98de59a0-d175-11cd-a7bd-00006b827d94} Flags: (SECURITY_ANONYMOUS)
Find File: sndrec32.exe
Find File: C:\WINDOWS\sndrec32.exe
Find File: C:\WINDOWS\system32\sndrec32.exe
Find File: {098f2470-bae0-11cd-b579-08002b30bfeb}
Find File: C:\WINDOWS\{098f2470-bae0-11cd-b579-08002b30bfeb}
Find File: C:\WINDOWS\system32\{098f2470-bae0-11cd-b579-08002b30bfeb}.exe
Find File: C:\WINDOWS\system32\{098f2470-bae0-11cd-b579-08002b30bfeb}
Get File Attributes: {098f2470-bae0-11cd-b579-08002b30bfeb} Flags: (SECURITY_ANONYMOUS)
Find File: shell32.dll
Find File: C:\WINDOWS\shell32.dll
Find File: C:\WINDOWS\system32\shell32.dll
Find File: {00021401-0000-0000-C000-000000000046}
Find File: C:\WINDOWS\{00021401-0000-0000-c000-000000000046}
Find File: C:\WINDOWS\system32\{00021401-0000-0000-c000-000000000046}.exe
Find File: C:\WINDOWS\system32\{00021401-0000-0000-c000-000000000046}
Get File Attributes: {00021401-0000-0000-C000-000000000046} Flags: (SECURITY_ANONYMOUS)
Find File: mplay32.exe
Find File: C:\WINDOWS\mplay32.exe
Find File: C:\WINDOWS\system32\mplay32.exe
Find File: mplay32.exe,1
Find File: mplay32.exe /avi
Find File: mplay32.exe,3
Find File: mplay32.exe /mid
Find File: mplay32.exe,5
Find File: mmsys.cpl
Find File: C:\WINDOWS\mmsys.cpl
Find File: C:\WINDOWS\system32\mmsys.cpl
Find File: "C:\Program Files\Internet Explorer\iexplore.exe"
Find File: C:\WINDOWS\system32\msi.dll
Find File: %SystemRoot%\system32\SHELL32.dll
Find File: C:\WINDOWS\system32\mstime.dll
Find File: C:\WINDOWS\system32\rsmsink.exe
Find File: %SystemRoot%\system32\autodisc.dll,7
Find File: C:\WINDOWS\system32\autodisc.dll
Find File: %SystemRoot%\system32\autodisc.dll
Find File: %SystemRoot%\system32\browseui.dll
Find File: C:\WINDOWS\system32\browseui.dll
Find File: C:\WINDOWS\system32\dxtmsft.dll
Find File: rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}
Find File: C:\WINDOWS\rundll32.exe
Find File: C:\WINDOWS\system32\rundll32.exe
Find File: C:\Program Files\Movie Maker\wmm2filt.dll
Find File: C:\Program Files\Common Files\Microsoft Shared\Triedit\triedit.dll
Find File: C:\WINDOWS\system32\msvidctl.dll
Find File: C:\WINDOWS\system32\wsecedit.dll
Find File: C:\Program Files\Support Tools\iadstools.dll
Find File: C:\WINDOWS\system32\msdtctm.dll
Find File: infosoft.dll
Find File: C:\WINDOWS\infosoft.dll
Find File: C:\WINDOWS\system32\infosoft.dll
Find File: C:\WINDOWS\system32\lmrt.dll
Find File: C:\WINDOWS\system32\csseqchk.dll
Find File: C:\WINDOWS\system32\oleacc.dll
Find File: C:\WINDOWS\system32\compatui.dll
Find File: C:\WINDOWS\system32\msdxm.ocx
Find File: C:\WINDOWS\system32\qedit.dll
Find File: C:\WINDOWS\system32\msjtes40.dll
Find File: C:\WINDOWS\system32\inetsrv\smtpsnap.dll
Find File: C:\WINDOWS\system32\wbem\wmipcima.dll
Find File: C:\WINDOWS\system32\wmp.dll
Find File: C:\WINDOWS\system32\wstdecod.dll
Find File: C:\WINDOWS\system32\safrdm.dll
Find File: C:\WINDOWS\system32\netcfgx.dll
Find File: C:\WINDOWS\system32\els.dll
Find File: wiavusd.dll
Find File: C:\WINDOWS\wiavusd.dll
Find File: C:\WINDOWS\system32\wiavusd.dll
Find File: %SystemRoot%\system32\inetcomm.dll
Find File: C:\WINDOWS\system32\inetcomm.dll
Find File: C:\WINDOWS\system32\wmpdxm.dll
Find File: C:\WINDOWS\system32\quartz.dll
Find File: C:\WINDOWS\system32\inetsrv\nsepm.dll
Find File: %SystemRoot%\system32\mshtml.dll
Find File: C:\WINDOWS\system32\mshtml.dll
Find File: C:\WINDOWS\system32\wmv8ds32.ax
Find File: C:\Program Files\Common Files\System\Ole DB\msdaps.dll
Find File: C:\WINDOWS\system32\scrobj.dll
Find File: C:\WINDOWS\system32\CLBCatQ.DLL
Find File: C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.dll
Find File: C:\WINDOWS\system32\cewmdm.dll
Find File: C:\PROGRA~1\NETMEE~1\conf.exe
Find File: C:\WINDOWS\system32\msconf.dll
Find File: "C:\Program Files\NetMeeting\nmcom.dll"
Find File: c:\program files\netmeeting\nmcom.dll
Find File: %SystemRoot%\System32\mmcshext.dll
Find File: C:\WINDOWS\system32\mmcshext.dll
Find File: %ProgramFiles%\Outlook Express\msoe.dll
Find File: C:\Program Files\outlook express\msoe.dll
Find File: C:\PROGRA~1\NETMEE~1\rrcm.dll
Find File: C:\WINDOWS\system32\plugin.ocx
Get File Attributes: C:\WINDOWS\system32\plugin.ocx Flags: (SECURITY_ANONYMOUS)
Find File: C:\WINDOWS\system32\mswebdvd.dll
Find File: C:\WINDOWS\system32\comctl32.ocx
Find File: C:\WINDOWS\system32\wbem\wmiprov.dll
Find File: C:\WINDOWS\system32\mpg4ds32.ax
Find File: C:\Program Files\NetMeeting\confmrsl.dll
Find File: %SystemRoot%\system32\msxml3.dll
Find File: C:\WINDOWS\system32\msxml3.dll
Find File: C:\WINDOWS\system32\logagent.exe
Find File: activeds.dll
Find File: C:\WINDOWS\activeds.dll
Find File: C:\WINDOWS\system32\activeds.dll
Find File: %SystemRoot%\system32\webcheck.dll
Find File: C:\WINDOWS\system32\webcheck.dll
Find File: C:\WINDOWS\system32\ipsmsnap.dll
Find File: C:\WINDOWS\system32\devenum.dll
Find File: "C:\Program Files\NetMeeting\nac.dll"
Find File: c:\program files\netmeeting\nac.dll
Find File: C:\WINDOWS\system32\msctf.dll
Find File: C:\WINDOWS\system32\wshom.ocx
Find File: %SystemRoot%\System32\cic.dll
Find File: C:\WINDOWS\system32\cic.dll
Find File: C:\WINDOWS\system32\urlmon.dll
Find File: C:\WINDOWS\system32\inetsrv\certmap.ocx
Find File: %ProgramFiles%\Outlook Express\oeimport.dll
Find File: C:\Program Files\outlook express\oeimport.dll
Find File: adsnds.dll
Find File: C:\WINDOWS\adsnds.dll
Find File: C:\WINDOWS\system32\adsnds.dll
Find File: %SystemRoot%\system32\shdocvw.dll
Find File: C:\WINDOWS\system32\shdocvw.dll
Find File: C:\WINDOWS\system32\qcap.dll
Find File: C:\PROGRA~1\WINDOW~2\mpvis.dll
Find File: C:\WINDOWS\system32\inetsrv\browscap.dll
Find File: %SystemRoot%\system32\appwiz.cpl
Find File: C:\WINDOWS\system32\appwiz.cpl
Find File: C:\WINDOWS\system32\MFC42u.DLL
Find File: C:\WINDOWS\system32\ixsso.dll
Find File: C:\Program Files\Common Files\System\Ole DB\sqloledb.dll
Find File: C:\WINDOWS\system32\hnetcfg.dll
Find File: cabview.dll,0
Find File: C:\WINDOWS\cabview.dll
Find File: C:\WINDOWS\system32\cabview.dll
Find File: cabview.dll
Find File: C:\WINDOWS\system32\sysmon.ocx
Find File: C:\WINDOWS\system32\scrrun.dll
Find File: C:\WINDOWS\system32\catsrvut.dll
Find File: %SystemRoot%\system32\dsuiext.dll
Find File: C:\WINDOWS\system32\dsuiext.dll
Find File: C:\WINDOWS\system32\wiascr.dll
Find File: %SystemRoot%\system32\SHELL32.dll,-40
Find File: adsnw.dll
Find File: C:\WINDOWS\adsnw.dll
Find File: C:\WINDOWS\system32\adsnw.dll
Find File: C:\WINDOWS\system32\msscript.ocx
Find File: C:\WINDOWS\system32\qdvd.dll
Find File: C:\WINDOWS\system32\dxtrans.dll
Find File: C:\WINDOWS\system32\docprop2.dll
Find File: dpvoice.dll
Find File: C:\WINDOWS\dpvoice.dll
Find File: C:\WINDOWS\system32\dpvoice.dll
Find File: C:\WINDOWS\system32\confmsp.dll
Find File: C:\WINDOWS\system32\h323msp.dll
Find File: C:\WINDOWS\system32\cmprops.dll
Find File: %SystemRoot%\System32\gptext.dll
Find File: C:\WINDOWS\system32\gptext.dll
Find File: C:\WINDOWS\msagent\agentsr.dll
Find File: C:\Program Files\Common Files\System\Ole DB\msxactps.dll
Find File: %SystemRoot%\System32\GPEdit.dll
Find File: C:\WINDOWS\system32\gpedit.dll
Find File: %SystemRoot%\system32\msoeacct.dll
Find File: C:\WINDOWS\system32\msoeacct.dll
Find File: C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
Find File: C:\WINDOWS\system32\qdv.dll
Find File: %SystemRoot%\System32\cscui.dll
Find File: C:\WINDOWS\system32\cscui.dll
Find File: C:\WINDOWS\system32\wbem\fastprox.dll
Find File: C:\WINDOWS\system32\wmdmlog.dll
Find File: C:\WINDOWS\system32\dsdmo.dll
Find File: C:\WINDOWS\system32\mycomput.dll
Find File: C:\WINDOWS\system32\xenroll.dll
Find File: %SystemRoot%\System32\dmintf.dll
Find File: C:\WINDOWS\system32\dmintf.dll
Find File: C:\WINDOWS\system32\wuapi.dll
Find File: C:\WINDOWS\msagent\agentpsh.dll
Find File: C:\WINDOWS\ime\sptip.dll
Find File: C:\WINDOWS\system32\scardssp.dll
Find File: C:\WINDOWS\system32\mstask.dll,-101
Find File: c:\windows\system32\mstask.dll
Find File: C:\WINDOWS\system32\mstask.dll,0
Find File: C:\WINDOWS\system32\inetsrv\asptxn.dll
Find File: btpanui.dll
Find File: C:\WINDOWS\btpanui.dll
Find File: C:\WINDOWS\system32\btpanui.dll
Find File: C:\WINDOWS\system32\inetsrv\adrot.dll
Find File: %SystemRoot%\system32\dsquery.dll
Find File: C:\WINDOWS\system32\dsquery.dll
Find File: C:\WINDOWS\system32\sbe.dll
Find File: C:\WINDOWS\system32\wbem\wbemdisp.dll
Find File: C:\WINDOWS\system32\legitcheckcontrol.dll
Find File: icmui.dll
Find File: C:\WINDOWS\icmui.dll
Find File: C:\WINDOWS\system32\icmui.dll
Find File: C:\WINDOWS\system32\objsel.dll
Find File: C:\WINDOWS\system32\catsrv.dll
Find File: C:\WINDOWS\system32\wbem\wbemcore.dll
Find File: C:\WINDOWS\system32\qasf.dll
Find File: C:\WINDOWS\system32\diactfrm.dll
Find File: C:\WINDOWS\system32\msdtcprx.dll
Find File: C:\WINDOWS\system32\inetsrv\smtpadm.dll
Find File: C:\WINDOWS\system32\msieftp.dll
Find File: C:\WINDOWS\ime\softkbd.dll
Find File: C:\WINDOWS\system32\hypertrm.dll
Find File: C:\WINDOWS\system32\appmgr.dll
Find File: C:\WINDOWS\system32\inetsrv\PermChk.dll
Find File: C:\Program Files\Support Tools\adsiedit.dll
Find File: C:\WINDOWS\system32\comaddin.dll
Find File: C:\WINDOWS\system32\dmscript.dll
Find File: C:\WINDOWS\system32\webvw.dll
Find File: C:\WINDOWS\system32\upnp.dll
Find File: C:\WINDOWS\system32\wmdmps.dll
Find File: query.dll
Find File: C:\WINDOWS\query.dll
Find File: C:\WINDOWS\system32\query.dll
Find File: C:\WINDOWS\system32\wbem\dsprov.dll
Find File: rshx32.dll
Find File: C:\WINDOWS\rshx32.dll
Find File: C:\WINDOWS\system32\rshx32.dll
Find File: %SystemRoot%\system32\SHELL32.dll,-135
Find File: C:\WINDOWS\system32\ir50_32.dll
Find File: C:\WINDOWS\system32\LangWrbk.dll
Find File: C:\WINDOWS\system32\capesnpn.dll
Find File: C:\WINDOWS\system32\dfrgui.dll
Find File: C:\WINDOWS\system32\wmnetmgr.dll
Find File: C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Find File: %SystemRoot%\system32\WINHTTP.dll
Find File: C:\WINDOWS\system32\winhttp.dll
Find File: %SystemRoot%\system32\SHELL32.dll,17
Find File: %SystemRoot%\Explorer.exe,0
Find File: C:\WINDOWS\explorer.exe
Find File: %SystemRoot%\system32\msrating.dll
Find File: C:\WINDOWS\system32\msrating.dll
Find File: %SystemRoot%\system32\browseui.dll,8
Find File: C:\WINDOWS\system32\tapi3.dll
Find File: %SystemRoot%\System32\shell32.dll,-137
Find File: %SystemRoot%\System32\shell32.dll,-138
Find File: dpvvox.dll
Find File: C:\WINDOWS\dpvvox.dll
Find File: C:\WINDOWS\system32\dpvvox.dll
Find File: C:\Program Files\Common Files\System\ado\msadomd.dll
Find File: adsldp.dll
Find File: C:\WINDOWS\adsldp.dll
Find File: C:\WINDOWS\system32\adsldp.dll
Find File: C:\WINDOWS\system32\dsdmoprp.dll
Find File: C:\WINDOWS\system32\msadds32.ax
Find File: %ProgramFiles%\Outlook Express\msoe.dll,2
Find File: C:\WINDOWS\system32\avtapi.dll
Find File: C:\WINDOWS\system32\wbem\wmipiprt.dll
Find File: C:\WINDOWS\help\sniffpol.dll
Find File: C:\WINDOWS\system32\ntmsmgr.dll
Find File: %SystemRoot%\system32\DATACLEN.DLL
Find File: C:\WINDOWS\system32\dataclen.dll
Find File: adsnt.dll
Find File: C:\WINDOWS\adsnt.dll
Find File: C:\WINDOWS\system32\adsnt.dll
Find File: C:\Program Files\Internet Explorer\iexplore.exe,1
Find File: {eec97550-47a9-11cf-b952-00aa0051fe20}
Find File: C:\WINDOWS\{eec97550-47a9-11cf-b952-00aa0051fe20}
Find File: C:\WINDOWS\system32\{eec97550-47a9-11cf-b952-00aa0051fe20}.exe
Find File: C:\WINDOWS\system32\{eec97550-47a9-11cf-b952-00aa0051fe20}
Get File Attributes: {eec97550-47a9-11cf-b952-00aa0051fe20} Flags: (SECURITY_ANONYMOUS)
Find File: %SystemRoot%\system32\shell32.dll,-23
Find File: %SystemRoot%\system32\shell32.dll,-24
Find File: %SystemRoot%\system32\shell32.dll,-48
Find File: %SystemRoot%\system32\shell32.dll,-25
Find File: %SystemRoot%\explorer.exe,-253
Find File: %SystemRoot%\explorer.exe,-254
Find File: moricons.dll,-114
Find File: C:\WINDOWS\moricons.dll
Find File: C:\WINDOWS\system32\moricons.dll
Find File: C:\WINDOWS\system32\msaatext.dll
Find File: C:\PROGRA~1\COMMON~1\MICROS~1\MSInfo\ieinfo5.ocx
Find File: C:\WINDOWS\system32\danim.dll
Find File: C:\WINDOWS\system32\mswmdm.dll
Find File: dinput.dll
Find File: C:\WINDOWS\dinput.dll
Find File: C:\WINDOWS\system32\dinput.dll
Find File: C:\WINDOWS\system32\dinput8.dll
Find File: C:\WINDOWS\system32\wbem\wbemcons.dll
Find File: C:\WINDOWS\system32\wbem\scrcons.exe
Find File: C:\WINDOWS\system32\inetsrv\logscrpt.dll
Find File: C:\WINDOWS\help\sstub.dll
Find File: C:\Program Files\Common Files\System\msadc\msdarem.dll
Find File: %SystemRoot%\system32\hnetwiz.dll,-10000
Find File: C:\WINDOWS\system32\hnetwiz.dll
Find File: %SystemRoot%\system32\hnetwiz.dll
Find File: C:\WINDOWS\PCHealth\HelpCtr\Binaries\msinfo.dll
Find File: C:\WINDOWS\system32\rsmui.exe
Find File: C:\WINDOWS\system32\mlang.dll
Find File: C:\WINDOWS\system32\comsnap.dll
Find File: C:\WINDOWS\system32\mpg2splt.ax
Find File: C:\WINDOWS\system32\certmgr.dll
Find File: dpnet.dll
Find File: C:\WINDOWS\dpnet.dll
Find File: C:\WINDOWS\system32\dpnet.dll
Find File: WAMREGPS.DLL
Find File: C:\WINDOWS\wamregps.dll
Find File: C:\WINDOWS\system32\wamregps.dll
Find File: C:\WINDOWS\system32\rdchost.dll
Find File: C:\WINDOWS\system32\wbem\ncprov.dll
Find File: ADMWPROX.DLL
Find File: C:\WINDOWS\admwprox.dll
Find File: C:\WINDOWS\system32\admwprox.dll
Find File: C:\WINDOWS\system32\comsvcs.dll
Find File: C:\WINDOWS\system32\mp4sdmod.dll
Find File: C:\WINDOWS\system32\bidispl.dll
Find File: %SystemRoot%\System32\xmlprovi.dll
Find File: C:\WINDOWS\system32\xmlprovi.dll
Find File: c:\windows\srchasst\srchui.dll
Find File: C:\Program Files\Messenger\msgsc.dll
Find File: C:\WINDOWS\system32\comuid.dll
Find File: %SystemRoot%\system32\netplwiz.dll
Find File: C:\WINDOWS\system32\netplwiz.dll
Find File: C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx
Find File: adsmsext.dll
Find File: C:\WINDOWS\adsmsext.dll
Find File: C:\WINDOWS\system32\adsmsext.dll
Find File: C:\WINDOWS\system32\colbact.DLL
Find File: %SystemRoot%\system32\themeui.dll,7
Find File: C:\WINDOWS\system32\themeui.dll
Find File: %SystemRoot%\system32\themeui.dll
Find File: C:\WINDOWS\system32\inetsrv\seo.dll
Find File: dpvacm.dll
Find File: C:\WINDOWS\dpvacm.dll
Find File: C:\WINDOWS\system32\dpvacm.dll
Find File: C:\WINDOWS\system32\wmadmod.dll
Find File: dplayx.dll
Find File: C:\WINDOWS\dplayx.dll
Find File: C:\WINDOWS\system32\dplayx.dll
Find File: C:\WINDOWS\system32\iepeers.dll
Find File: C:\WINDOWS\system32\mshta.exe
Find File: C:\WINDOWS\system32\mshta.exe,1
Find File: C:\WINDOWS\system32\mshtmled.dll
Find File: %SystemRoot%\system32\imgutil.dll
Find File: C:\WINDOWS\system32\imgutil.dll
Find File: msconf.dll
Find File: C:\WINDOWS\msconf.dll
Find File: C:\WINDOWS\system32\ir41_32.ax
Find File: C:\WINDOWS\system32\inetsrv\logui.ocx,0
Find File: c:\windows\system32\inetsrv\logui.ocx
Find File: C:\Program Files\Outlook Express\wabfind.dll
Find File: C:\WINDOWS\system32\msscp.dll
Find File: C:\WINDOWS\system32\msscds32.ax
Find File: C:\WINDOWS\system32\tdc.ocx
Find File: C:\WINDOWS\system32\NETSHELL.dll
Find File: C:\WINDOWS\system32\datime.dll
Find File: C:\Program Files\Common Files\System\msadc\msadds.dll
Find File: C:\WINDOWS\system32\mstscax.dll
Find File: C:\PROGRA~1\MOVIEM~1\wmm2fxa.dll
Find File: C:\WINDOWS\system32\stobject.dll
Find File: %SystemRoot%\system32\extmgr.dll
Find File: C:\WINDOWS\system32\extmgr.dll
Find File: C:\WINDOWS\system32\daxctle.ocx
Find File: C:\WINDOWS\system32\certcli.dll
Find File: C:\WINDOWS\help\TShoot.dll
Find File: C:\WINDOWS\system32\l3codecx.ax
Find File: dsound.dll
Find File: C:\WINDOWS\dsound.dll
Find File: C:\WINDOWS\system32\dsound.dll
Find File: C:\WINDOWS\system32\wiavideo.dll
Find File: C:\WINDOWS\system32\hotplug.dll
Find File: C:\WINDOWS\system32\tscfgwmi.dll
Find File: C:\WINDOWS\system32\wmstream.dll
Find File: C:\WINDOWS\system32\ciodm.dll
Find File: ddraw.dll
Find File: C:\WINDOWS\ddraw.dll
Find File: C:\WINDOWS\system32\ddraw.dll
Find File: C:\WINDOWS\system32\comdlg32.ocx
Find File: %SystemRoot%\system32\xpsp2res.dll,-2026
Find File: C:\WINDOWS\system32\xpsp2res.dll
Find File: %SystemRoot%\System32\mmcndmgr.dll
Find File: C:\WINDOWS\system32\mmcndmgr.dll
Find File: C:\WINDOWS\system32\wbem\cimwin32.dll
Find File: C:\WINDOWS\system32\oleprn.dll
Find File: docprop.dll
Find File: C:\WINDOWS\docprop.dll
Find File: C:\WINDOWS\system32\docprop.dll
Find File: C:\WINDOWS\system32\dmstyle.dll
Find File: C:\WINDOWS\system32\shimgvw.dll
Find File: C:\WINDOWS\system32\vbscript.dll
Find File: wiashext.dll
Find File: C:\WINDOWS\wiashext.dll
Find File: C:\WINDOWS\system32\wiashext.dll
Find File: C:\Program Files\Common Files\System\msadc\msadce.dll
Find File: C:\WINDOWS\system32\acelpdec.ax
Find File: C:\WINDOWS\system32\wbem\trnsprov.dll
Find File: C:\WINDOWS\system32\iisext.dll
Find File: %SystemRoot%\system32\shmedia.dll
Find File: C:\WINDOWS\system32\shmedia.dll
Find File: ntshrui.dll
Find File: C:\WINDOWS\ntshrui.dll
Find File: C:\WINDOWS\system32\ntshrui.dll
Find File: shdocvw.dll
Find File: C:\WINDOWS\shdocvw.dll
Find File: C:\WINDOWS\system32\hhctrl.ocx
Find File: deskadp.dll
Find File: C:\WINDOWS\deskadp.dll
Find File: C:\WINDOWS\system32\deskadp.dll
Find File: deskmon.dll
Find File: C:\WINDOWS\deskmon.dll
Find File: C:\WINDOWS\system32\deskmon.dll
Find File: deskpan.dll
Find File: C:\WINDOWS\deskpan.dll
Find File: C:\WINDOWS\system32\deskpan.dll
Get File Attributes: deskpan.dll Flags: (SECURITY_ANONYMOUS)
Find File: C:\WINDOWS\system32\laprxy.dll
Find File: C:\WINDOWS\system32\dfrgsnap.dll
Find File: C:\Program Files\Internet Explorer\Connection Wizard\trialoc.dll
Find File: %SystemRoot%\system32\msxml.dll
Find File: C:\WINDOWS\system32\msxml.dll
Find File: C:\WINDOWS\system32\bitsprx3.dll
Find File: C:\WINDOWS\system32\wbem\wbemprox.dll
Find File: C:\WINDOWS\system32\ATL.DLL
Find File: %SystemRoot%\system32\SHELL32.dll,-235
Find File: d3drm.dll
Find File: C:\WINDOWS\d3drm.dll
Find File: C:\WINDOWS\system32\d3drm.dll
Find File: d3dxof.dll
Find File: C:\WINDOWS\d3dxof.dll
Find File: C:\WINDOWS\system32\d3dxof.dll
Find File: C:\WINDOWS\system32\termmgr.dll
Find File: C:\WINDOWS\system32\camocx.dll
Find File: C:\WINDOWS\system32\itircl.dll
Find File: C:\WINDOWS\system32\inetsrv\Status.dll
Find File: C:\WINDOWS\system32\g711codc.ax
Find File: C:\WINDOWS\system32\dmusic.dll
Find File: %SystemRoot%\system32\msxml3.dll,0
Find File: {5e941d80-bf96-11cd-b579-08002b30bfeb}
Find File: C:\WINDOWS\{5e941d80-bf96-11cd-b579-08002b30bfeb}
Find File: C:\WINDOWS\system32\{5e941d80-bf96-11cd-b579-08002b30bfeb}.exe
Find File: C:\WINDOWS\system32\{5e941d80-bf96-11cd-b579-08002b30bfeb}
Get File Attributes: {5e941d80-bf96-11cd-b579-08002b30bfeb} Flags: (SECURITY_ANONYMOUS)
Find File: C:\WINDOWS\system32\msimtf.dll
Find File: %SystemRoot%\System32\mmc.exe
Find File: C:\WINDOWS\system32\mmc.exe
Find File: C:\WINDOWS\system32\wbem\unsecapp.exe
Find File: C:\WINDOWS\system32\amstream.dll
Find File: %ProgramFiles%\Common Files\System\directdb.dll
Find File: C:\Program Files\common files\system\directdb.dll
Find File: %SystemRoot%\system32\mydocs.dll
Find File: C:\WINDOWS\system32\mydocs.dll
Find File: C:\WINDOWS\system32\wbem\wmipdskq.dll
Find File: C:\WINDOWS\system32\wmpasf.dll
Find File: C:\WINDOWS\msagent\agentmpx.dll
Find File: C:\WINDOWS\system32\dmime.dll
Find File: %SystemRoot%\system32\photowiz.dll
Find File: C:\WINDOWS\system32\photowiz.dll
Find File: C:\Program Files\Common Files\MSSoap\Binaries\mssoap1.dll
Find File: C:\WINDOWS\system32\wbem\wmidcprv.dll
Find File: C:\WINDOWS\system32\racpldlg.dll
Find File: C:\WINDOWS\system32\inetsrv\nextlink.dll
Find File: C:\WINDOWS\system32\sti.dll
Find File: C:\WINDOWS\system32\wavemsp.dll
Find File: C:\WINDOWS\system32\wbem\wmiprvsd.dll
Find File: C:\WINDOWS\system32\es.dll
Find File: dssec.dll
Find File: C:\WINDOWS\dssec.dll
Find File: C:\WINDOWS\system32\dssec.dll
Find File: C:\WINDOWS\system32\wmvds32.ax
Find File: dmadmin.exe /com
Find File: C:\WINDOWS\dmadmin.exe
Find File: C:\WINDOWS\system32\dmadmin.exe
Find File: C:\WINDOWS\system32\ddrawex.dll
Find File: C:\WINDOWS\system32\regwizc.dll
Find File: SlayerXP.dll
Find File: C:\WINDOWS\slayerxp.dll
Find File: C:\WINDOWS\system32\slayerxp.dll
Find File: C:\WINDOWS\system32\imapi.exe
Find File: C:\WINDOWS\system32\licmgr10.dll
Find File: dpnhupnp.dll
Find File: C:\WINDOWS\dpnhupnp.dll
Find File: C:\WINDOWS\system32\dpnhupnp.dll
Find File: C:\WINDOWS\system32\browsewm.dll
Find File: C:\WINDOWS\system32\shsvcs.dll
Find File: C:\WINDOWS\system32\msutb.dll
Find File: C:\WINDOWS\system32\inetsrv\appconf.dll
Find File: C:\WINDOWS\system32\odbcconf.dll
Find File: C:\WINDOWS\system32\bitsprx2.dll
Find File: C:\WINDOWS\system32\rsfsaps.dll
Find File: shscrap.dll
Find File: C:\WINDOWS\shscrap.dll
Find File: C:\WINDOWS\system32\shscrap.dll
Find File: C:\WINDOWS\system32\wshcon.dll
Find File: {5645C8C1-E277-11CF-8FDA-00AA00A14F93}
Find File: C:\WINDOWS\{5645c8c1-e277-11cf-8fda-00aa00a14f93}
Find File: C:\WINDOWS\system32\{5645c8c1-e277-11cf-8fda-00aa00a14f93}.exe
Find File: C:\WINDOWS\system32\{5645c8c1-e277-11cf-8fda-00aa00a14f93}
Get File Attributes: {5645C8C1-E277-11CF-8FDA-00AA00A14F93} Flags: (SECURITY_ANONYMOUS)
Find File: C:\WINDOWS\system32\mimefilt.dll
Find File: {5645C8C4-E277-11CF-8FDA-00AA00A14F93}
Find File: C:\WINDOWS\{5645c8c4-e277-11cf-8fda-00aa00a14f93}
Find File: C:\WINDOWS\system32\{5645c8c4-e277-11cf-8fda-00aa00a14f93}.exe
Find File: C:\WINDOWS\system32\{5645c8c4-e277-11cf-8fda-00aa00a14f93}
Get File Attributes: {5645C8C4-E277-11CF-8FDA-00AA00A14F93} Flags: (SECURITY_ANONYMOUS)
Find File: C:\WINDOWS\system32\filemgmt.dll
Find File: C:\WINDOWS\system32\dx8vb.dll
Find File: C:\WINDOWS\system32\rastls.dll
Find File: C:\WINDOWS\system32\dmsynth.dll
Find File: diskcopy.dll
Find File: C:\WINDOWS\diskcopy.dll
Find File: C:\WINDOWS\system32\diskcopy.dll
Find File: %SystemRoot%\system32\twext.dll
Find File: C:\WINDOWS\system32\twext.dll
Find File: C:\Program Files\Support Tools\sidwkr.dll
Find File: ntlanui2.dll
Find File: C:\WINDOWS\ntlanui2.dll
Find File: C:\WINDOWS\system32\ntlanui2.dll
Find File: C:\WINDOWS\system32\inetsrv\w3ext.dll
Find File: %SystemRoot%\System32\ieaksie.dll
Find File: C:\WINDOWS\system32\ieaksie.dll
Find File: C:\WINDOWS\system32\msr2c.dll
Find File: C:\WINDOWS\system32\wbem\wbemcntl.dll
Find File: C:\WINDOWS\system32\qmgrprxy.dll
Find File: C:\WINDOWS\system32\itss.dll
Find File: C:\WINDOWS\system32\wbem\wbemess.dll
Find File: C:\WINDOWS\system32\localsec.dll
Find File: %SystemRoot%\System32\icmui.dll
Find File: C:\WINDOWS\system32\rcbdyctl.dll
Find File: C:\WINDOWS\system32\rdshost.exe
Find File: %SystemRoot%\system32\SHELL32.dll,-33
Find File: C:\WINDOWS\system32\wuaucpl.cpl
Find File: C:\WINDOWS\system32\wiaacmgr.exe
Find File: C:\WINDOWS\system32\safrcdlg.dll
Find File: rundll32.exe shell32.dll,SHCreateLocalServerRunDll {601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Find File: C:\WINDOWS\system32\wshext.dll
Find File: C:\WINDOWS\system32\shgina.dll
Find File: C:\WINDOWS\system32\wbem\xml\wmi2xml.dll
Find File: C:\WINDOWS\system32\wbem\wmimsg.dll
Find File: mobsync.dll
Find File: C:\WINDOWS\mobsync.dll
Find File: C:\WINDOWS\system32\mobsync.dll
Find File: mobsync.exe
Find File: C:\WINDOWS\mobsync.exe
Find File: C:\WINDOWS\system32\mobsync.exe
Find File: C:\WINDOWS\system32\msieftp.dll,0
Find File: C:\WINDOWS\system32\wuweb.dll
Find File: %SystemRoot%\System32\shell32.dll,31
Find File: C:\WINDOWS\system32\inetsrv\Tools.dll
Find File: C:\WINDOWS\system32\wbem\wmipjobj.dll
Find File: C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033\spttseng.dll
Find File: C:\WINDOWS\system32\SWPRV.DLL
Find File: %SystemRoot%\system32\shimgvw.dll
Find File: C:\WINDOWS\system32\wmspdmoe.dll
Find File: %SystemRoot%\system32\osuninst.EXE,0
Find File: C:\WINDOWS\system32\osuninst.exe
Find File: %SystemRoot%\system32\osuninst.DLL
Find File: C:\WINDOWS\system32\osuninst.dll
Find File: C:\Program Files\Common Files\SpeechEngines\Microsoft\spcommon.dll
Find File: C:\WINDOWS\system32\wbem\policman.dll
Find File: C:\WINDOWS\system32\dxmasf.dll
Find File: C:\WINDOWS\system32\iasrecst.dll
Find File: C:\WINDOWS\system32\iassvcs.dll
Find File: C:\WINDOWS\system32\iaspolcy.dll
Find File: C:\WINDOWS\system32\iasacct.dll
Find File: C:\WINDOWS\system32\iashlpr.dll
Find File: C:\WINDOWS\system32\iasads.dll
Find File: C:\WINDOWS\system32\iasnap.dll
Find File: C:\WINDOWS\system32\iasrad.dll
Find File: C:\WINDOWS\system32\iassam.dll
Find File: C:\WINDOWS\system32\wbem\esscli.dll
Find File: C:\WINDOWS\system32\upnpcont.exe
Find File: C:\WINDOWS\system32\wbem\mofd.dll
Find File: %SystemRoot%\system32\SHELL32.dll,-210
Find File: C:\WINDOWS\system32\asctrls.ocx
Find File: %SystemRoot%\system32\inseng.dll
Find File: C:\WINDOWS\system32\inseng.dll
Find File: C:\WINDOWS\system32\wbem\wmipsess.dll
Find File: C:\WINDOWS\system32\Com\comadmin.dll
Find File: %SystemRoot%\System32\dmdlgs.dll
Find File: C:\WINDOWS\system32\dmdlgs.dll
Find File: C:\WINDOWS\system32\wmadmoe.dll
Find File: dsprop.dll
Find File: C:\WINDOWS\dsprop.dll
Find File: C:\WINDOWS\system32\dsprop.dll
Find File: C:\WINDOWS\system32\inetsrv\asp.DLL
Find File: C:\WINDOWS\system32\wbem\stdprov.dll
Find File: %SystemRoot%\system32\srclient.dll,0
Find File: C:\WINDOWS\system32\srclient.dll
Find File: C:\WINDOWS\system32\wbem\wmipicmp.dll
Find File: C:\WINDOWS\system32\wbem\wmiprvse.exe
Find File: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE",1
Find File: C:\WINDOWS\system32\devmgr.dll
Find File: C:\WINDOWS\system32\cryptext.dll
Find File: C:\WINDOWS\system32\smlogcfg.dll
Find File: C:\WINDOWS\system32\wbem\updprov.dll
Find File: C:\WINDOWS\system32\drmstor.dll
Find File: C:\WINDOWS\system32\inetsrv\wamreg.dll
Find File: %systemroot%\system32\wbem\wbemperf.dll
Find File: C:\WINDOWS\system32\wbem\wbemperf.dll
Find File: C:\WINDOWS\system32\dgnet.dll
Find File: printui.dll
Find File: C:\WINDOWS\printui.dll
Find File: C:\WINDOWS\system32\printui.dll
Find File: rundll32.exe C:\WINDOWS\system32\hotplug.dll,CreateLocalServer {783C030F-E948-487D-B35D-94FCF0F0C172}
Find File: C:\WINDOWS\system32\wbem\fwdprov.dll
Find File: ADMXPROX.DLL
Find File: C:\WINDOWS\admxprox.dll
Find File: C:\WINDOWS\system32\admxprox.dll
Find File: C:\WINDOWS\system32\wbem\CmdEvTgProv.dll
Find File: dskquota.dll
Find File: C:\WINDOWS\dskquota.dll
Find File: C:\WINDOWS\system32\dskquota.dll
Find File: dskquoui.dll
Find File: C:\WINDOWS\dskquoui.dll
Find File: C:\WINDOWS\system32\dskquoui.dll
Find File: C:\WINDOWS\system32\wbem\repdrvfs.dll
Find File: C:\WINDOWS\system32\dmband.dll
Find File: C:\WINDOWS\system32\hlink.dll
Find File: %SystemRoot%\system32\netplwiz.dll,-102
Find File: C:\WINDOWS\system32\snmpsnap.dll
Find File: C:\WINDOWS\system32\wmsdmod.dll
Find File: %SystemRoot%\system32\shdocvw.dll,-20780
Find File: C:\Program Files\Common Files\System\msadc\msdaprst.dll
Find File: C:\WINDOWS\system32\wbem\wbemsvc.dll
Find File: C:\WINDOWS\system32\rsmps.dll
Find File: C:\WINDOWS\system32\wmpshell.dll
Find File: C:\WINDOWS\system32\l3codeca.acm
Find File: C:\WINDOWS\system32\catsrvps.dll
Find File: C:\WINDOWS\system32\encapi.dll
Find File: DfrgNtfs.exe
Find File: C:\WINDOWS\dfrgntfs.exe
Find File: C:\WINDOWS\system32\dfrgntfs.exe
Find File: DfrgFat.exe
Find File: C:\WINDOWS\dfrgfat.exe
Find File: C:\WINDOWS\system32\dfrgfat.exe
Find File: C:\WINDOWS\system32\vbisurf.ax
Find File: C:\WINDOWS\system32\credui.dll
Find File: C:\WINDOWS\system32\wmvdmod.dll
Find File: C:\WINDOWS\system32\scriptpw.dll
Find File: %SystemRoot%\system32\occache.dll,0
Find File: C:\WINDOWS\system32\occache.dll
Find File: %SystemRoot%\system32\occache.dll
Find File: C:\PROGRA~1\MSNGAM~1\Windows\zclientm.exe
Find File: %SystemRoot%\system32\syncui.dll,0
Find File: C:\WINDOWS\system32\syncui.dll
Find File: syncui.dll
Find File: C:\WINDOWS\syncui.dll
Find File: shdoclc.dll,-190
Find File: C:\WINDOWS\shdoclc.dll
Find File: C:\WINDOWS\system32\shdoclc.dll
Find File: C:\WINDOWS\system32\wmspdmod.dll
Find File: C:\WINDOWS\system32\hticons.dll
Find File: C:\WINDOWS\system32\inetsrv\iwrps.dll
Find File: %SystemRoot%\system32\zipfldr.dll
Find File: C:\WINDOWS\system32\zipfldr.dll
Find File: C:\WINDOWS\system32\fde.dll
Find File: C:\WINDOWS\system32\wups.dll
Find File: C:\WINDOWS\system32\mspmsp.dll
Find File: C:\WINDOWS\system32\inetsrv\Counters.dll
Find File: C:\WINDOWS\system32\dswave.dll
Find File: C:\WINDOWS\system32\clbcatex.dll
Find File: C:\WINDOWS\system32\comrepl.dll
Find File: C:\WINDOWS\system32\wmsdmoe.dll
Find File: %SystemRoot%\system32\webcheck.dll,0
Find File: %SystemRoot%\System32\dmdskmgr.dll
Find File: C:\WINDOWS\system32\dmdskmgr.dll
Find File: C:\WINDOWS\system32\inetcfg.dll
Find File: C:\WINDOWS\system32\adsiis.dll
Find File: gcdef.dll
Find File: C:\WINDOWS\gcdef.dll
Find File: C:\WINDOWS\system32\gcdef.dll
Find File: C:\Program Files\Common Files\System\ado\msadrh15.dll
Find File: C:\WINDOWS\system32\stclient.dll
Find File: C:\WINDOWS\system32\dmloader.dll
Find File: C:\Program Files\Common Files\System\msadc\msadcf.dll
Find File: C:\WINDOWS\ime\mscandui.dll
Find File: C:\WINDOWS\system32\vss_ps.dll
Find File: C:\WINDOWS\system32\txflog.dll
Find File: C:\WINDOWS\msagent\mslwvtts.dll
Find File: CIAdmin.dll
Find File: C:\WINDOWS\ciadmin.dll
Find File: C:\WINDOWS\system32\ciadmin.dll
Find File: dpnhpast.dll
Find File: C:\WINDOWS\dpnhpast.dll
Find File: C:\WINDOWS\system32\dpnhpast.dll
Find File: C:\WINDOWS\system32\wmvdmoe2.dll
Find File: C:\WINDOWS\system32\wbem\krnlprov.dll
Find File: C:\WINDOWS\system32\Setup\fxsocm.dll
Find File: C:\WINDOWS\system32\inetsrv\wam.dll
Find File: rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7}
Find File: C:\WINDOWS\system32\wbem\evntrprv.dll
Find File: %SystemRoot%\system32\inetcpl.cpl,15
Find File: C:\WINDOWS\system32\inetcpl.cpl
Find File: C:\WINDOWS\system32\sdpblb.dll
Find File: %SystemRoot%\system32\xpsp2res.dll,-800
Find File: C:\WINDOWS\system32\sendmail.dll,-2001
Find File: c:\windows\system32\sendmail.dll
Find File: C:\WINDOWS\explorer.exe,-103
Find File: C:\WINDOWS\system32\msnetobj.dll
Find File: %ProgramFiles%\Outlook Express\oemiglib.dll
Find File: C:\Program Files\outlook express\oemiglib.dll
Find File: C:\Program Files\Common Files\System\msadc\msdfmap.dll
Find File: C:\WINDOWS\system32\servdeps.dll
Find File: C:\WINDOWS\system32\svchost.exe
Find File: C:\WINDOWS\system32\inetsrv\iscomlog.dll
Find File: C:\WINDOWS\system32\licwmi.dll
Find File: %SystemRoot%\system32\pngfilt.dll
Find File: C:\WINDOWS\system32\pngfilt.dll
Find File: C:\WINDOWS\system32\ils.dll
Find File: C:\WINDOWS\system32\nusrmgr.cpl
Find File: C:\WINDOWS\system32\safrslv.dll
Find File: C:\WINDOWS\system32\dxdiagn.dll
Find File: C:\WINDOWS\system32\sessmgr.exe
Find File: C:\WINDOWS\system32\inetsrv\inetmgr.dll
Find File: C:\WINDOWS\system32\wups2.dll
Find File: C:\WINDOWS\system32\msident.dll
Find File: %SystemRoot%\system32\DATACLEN.DLL,1
Find File: C:\WINDOWS\system32\wbem\viewprov.dll
Find File: C:\Program Files\Support Tools\clonepr.dll
Find File: C:\WINDOWS\system32\licdll.dll
Find File: C:\WINDOWS\system32\wucltui.dll
Find File: %SystemRoot%\System32\dmview.ocx
Find File: C:\WINDOWS\system32\dmview.ocx
Find File: C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Find File: %SystemRoot%\system32\SHELL32.dll,-173
Find File: C:\WINDOWS\system32\wbem\wmicookr.dll
Find File: C:\WINDOWS\system32\sendcmsg.dll
Find File: %SystemRoot%\system32\cdfview.dll
Find File: C:\WINDOWS\system32\cdfview.dll
Find File: C:\WINDOWS\system32\USERENV.dll
Find File: C:\WINDOWS\system32\iac25_32.ax
Find File: C:\WINDOWS\system32\inetsrv\ContRot.dll
Find File: %SystemRoot%\system32\DATACLEN.DLL,2
Find File: C:\WINDOWS\system32\RPCRT4.dll
Find File: C:\WINDOWS\system32\msctfp.dll
Find File: C:\WINDOWS\system32\actxprxy.dll
Find File: C:\WINDOWS\system32\inetsrv\metadata.dll
Find File: C:\WINDOWS\system32\inetsrv\cnfgprts.ocx
Find File: C:\WINDOWS\system32\cfgbkend.dll
Find File: C:\WINDOWS\system32\wiasf.ax
Find File: C:\WINDOWS\system32\iassdo.dll
Find File: %SystemRoot%\System32\fontext.dll,-101
Find File: C:\WINDOWS\system32\fontext.dll
Find File: fontext.dll
Find File: C:\WINDOWS\fontext.dll
Find File: panmap.dll
Find File: C:\WINDOWS\panmap.dll
Find File: C:\WINDOWS\system32\panmap.dll
Find File: C:\Program Files\Common Files\System\msadc\msadco.dll
Find File: C:\WINDOWS\system32\proctexe.ocx
Find File: C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL,0
Find File: c:\progra~1\common~1\micros~1\webfol~1\msonsext.dll
Find File: C:\WINDOWS\system32\wbem\msiprov.dll
Find File: C:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll
Find File: C:\WINDOWS\srchasst\msgr3en.dll
Find File: C:\WINDOWS\msagent\agtintl.dll
Find File: C:\WINDOWS\system32\inetsrv\admexs.dll
Find File: C:\WINDOWS\system32\wbem\wmitimep.dll
Find File: C:\WINDOWS\system32\wbem\tmplprov.dll
Find File: C:\WINDOWS\system32\encdec.dll
Find File: C:\WINDOWS\system32\dispex.dll
Find File: C:\WINDOWS\system32\wbem\smtpcons.dll
Find File: C:\Program Files\Common Files\System\Ole DB\msdasql.dll
Find File: mmcndmgr.dll
Find File: C:\WINDOWS\mmcndmgr.dll
Find File: C:\WINDOWS\system32\mp43dmod.dll
Find File: C:\WINDOWS\system32\msrclr40.dll
Find File: C:\WINDOWS\system32\cdosys.dll
Find File: C:\WINDOWS\system32\dmocx.dll
Find File: C:\WINDOWS\system32\wbem\wmiutils.dll
Find File: %SystemRoot%\System32\wiadefui.dll
Find File: C:\WINDOWS\system32\wiadefui.dll
Find File: %SystemRoot%\system32\main.cpl,9
Find File: C:\WINDOWS\system32\main.cpl
Find File: %SystemRoot%\system32\main.cpl,10
Find File: C:\WINDOWS\system32\fsusd.dll
Find File: C:\WINDOWS\system32\dmcompos.dll
Find File: C:\Program Files\Common Files\System\ado\msjro.dll
Find File: C:\WINDOWS\system32\SENS.DLL
Find File: mspaint.exe
Find File: C:\WINDOWS\mspaint.exe
Find File: mspaint.exe, 1
Find File: C:\WINDOWS\system32\netplwiz.dll,-107
Find File: C:\WINDOWS\msagent\AgentSvr.exe
Find File: C:\WINDOWS\msagent\agentdpv.dll
Find File: C:\WINDOWS\msagent\agentdp2.dll
Find File: C:\WINDOWS\msagent\agentctl.dll
Find File: dmremote.exe
Find File: C:\WINDOWS\dmremote.exe
Find File: C:\WINDOWS\system32\dmremote.exe
Find File: C:\WINDOWS\system32\inetsrv\certwiz.ocx
Find File: C:\WINDOWS\system32\msvbvm60.dll
Find File: C:\WINDOWS\system32\alg.exe
Find File: C:\WINDOWS\system32\ntmssvc.dll
Find File: C:\WINDOWS\system32\mstask.dll,-100
Find File: C:\WINDOWS\system32\rsnotify.exe
Find File: C:\WINDOWS\system32\wmiscmgr.dll
Find File: C:\WINDOWS\system32\ipsecsnp.dll
Find File: C:\WINDOWS\system32\msjetoledb40.dll
Find File: C:\WINDOWS\system32\mdhcp.dll
Find File: C:\Program Files\Common Files\System\Ole DB\msdaosp.dll
Find File: nlhtml.dll
Find File: C:\WINDOWS\nlhtml.dll
Find File: C:\WINDOWS\system32\nlhtml.dll
Find File: C:\WINDOWS\system32\dx7vb.dll
Find File: %SystemRoot%\system32\SHELL32.dll,-134
Find File: wiashext.dll,0
Find File: %systemroot%\system32\davclnt.dll
Find File: C:\WINDOWS\system32\davclnt.dll
Find File: C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll
Find File: C:\WINDOWS\system32\vssvc.exe
Find File: C:\PROGRA~1\MOVIEM~1\wmm2fxb.dll
Find File: C:\PROGRA~1\MOVIEM~1\wmm2ae.dll
Find File: C:\Program Files\Common Files\System\Ole DB\msdaora.dll
Find File: IISRSTAP.DLL
Find File: C:\WINDOWS\iisrstap.dll
Find File: C:\WINDOWS\system32\iisrstap.dll
Find File: C:\WINDOWS\system32\inetsrv\iisrstas.exe
Find File: C:\WINDOWS\system32\comsvcs.dll,0
Find File: C:\WINDOWS\system32\dfsshlex.dll
Find File: pid.dll
Find File: C:\WINDOWS\pid.dll
Find File: C:\WINDOWS\system32\pid.dll
Find File: C:\WINDOWS\system32\inetsrv\PageCnt.dll
Find File: %SystemRoot%\system32\shdocvw.dll,7
Find File: %SystemRoot%\system32\shdocvw.dll,9
Find File: %SystemRoot%\system32\browseui.dll,6
Find File: C:\WINDOWS\system32\remotepg.dll
Find File: OffFilt.dll
Find File: C:\WINDOWS\offfilt.dll
Find File: C:\WINDOWS\system32\offfilt.dll
Find File: C:\WINDOWS\system32\wbem\wbemads.dll
Find File: C:\WINDOWS\system32\rend.dll
Find File: C:\WINDOWS\PCHealth\HelpCtr\Binaries\brpinfo.dll
Find File: C:\WINDOWS\system32\mpg4dmod.dll
Find File: C:\WINDOWS\system32\jscript.dll
Find File: %SystemRoot%\system32\msxml2.dll
Find File: C:\WINDOWS\system32\msxml2.dll
Find File: %SystemRoot%\system32\msxml2.dll,0
Find File: C:\WINDOWS\system32\wbem\ntevt.dll
Find File: C:\WINDOWS\system32\upnphost.dll
Find File: C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL
Find File: C:\WINDOWS\system32\wmsdmoe2.dll
Find File: deskperf.dll
Find File: C:\WINDOWS\deskperf.dll
Find File: C:\WINDOWS\system32\deskperf.dll
Find File: C:\WINDOWS\system32\msdtcuiu.dll
Find File: "%programfiles%\Internet Explorer\iexplore.exe",-32528
Find File: %SystemRoot%\system32\url.dll
Find File: C:\WINDOWS\system32\url.dll
Find File: C:\WINDOWS\system32\inetsrv\svcext.dll
Find File: C
Find File: C:\WINDOWS\c
Find File: C:\WINDOWS\system32\c.exe
Find File: C:\WINDOWS\system32\c
Get File Attributes: C Flags: (SECURITY_ANONYMOUS)
Find File: C:\WINDOWS\system32\tlntsvrp.dll
Find File: C:\WINDOWS\system32\tlntsvr.exe
Find File: C:\WINDOWS\system32\inetsrv\iislog.dll
Find File: %SystemRoot%\system32\shdocvw.dll,-20785
Find File: rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
Open File: \\.\PIPE\wkssvc (OPEN_EXISTING)
Get File Attributes: C:\Program Files\Registry Cleaner Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\system32\webcheck.dll (OPEN_EXISTING)
Open File: \SystemRoot\AppPatch\sysmain.sdb (OPEN_EXISTING)
Open File: \SystemRoot\AppPatch\systest.sdb (OPEN_EXISTING)
Open File: \Device\NamedPipe\ShimViewer (OPEN_EXISTING)
Open File: C:\WINDOWS\system32\webcheck.dll ()
Find File: webcheck.dll
Open File: C:\WINDOWS\system32\urlmon.dll (OPEN_EXISTING)
Open File: C:\WINDOWS\system32\urlmon.dll ()
Find File: urlmon.dll
Get File Attributes: C:\Program Files\Internet Explorer\iexplore.exe Flags: (SECURITY_ANONYMOUS)
Open File: C:\Program Files\Internet Explorer\iexplore.exe ()
Find File: iexplore.exe
Mutexes
Creates Mutex: ZonesCounterMutex
Creates Mutex: ZonesCacheCounterMutex
Creates Mutex: ZonesLockedCacheCounterMutex
Registry
Reads
Software\Microsoft\Windows\CurrentVersion\ThemeManager "Compositing"
Control Panel\Desktop "LameButtonText"
HKEY_LOCAL_MACHINE\Software\Microsoft\Msxml30\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility "DisableAppCompat"
HKEY_LOCAL_MACHINE\Software\Microsoft\Msxml30\Registry\Machine\Software\Classes\CLSID\{00021401-0000-0000-c000-000000000046}\InProcServer32 ""
HKEY_LOCAL_MACHINE\Software\Microsoft\Msxml30\Registry\Machine\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32 ""
HKEY_LOCAL_MACHINE\Software\Microsoft\Msxml30\Registry\Machine\Software\Classes\CLSID\{abbe31d0-6dae-11d0-beca-00c04fd940be}\InProcServer32 ""
HKEY_LOCAL_MACHINE\Software\Microsoft\Msxml30\Registry\Machine\SYSTEM\WPA\MediaCenter "Installed"
HKEY_LOCAL_MACHINE\Software\Microsoft\Msxml30\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers "C:\WINDOWS\system32\webcheck.dll"
HKEY_LOCAL_MACHINE\Software\Microsoft\Msxml30\Registry\Machine\Software\Classes\CLSID\{fbf23b40-e3f0-101b-8488-00aa003e56f8}\InProcServer32 ""
HKEY_LOCAL_MACHINE\Software\Microsoft\Msxml30\Registry\Machine\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04fb6bfc4}\InProcServer32 ""
HKEY_LOCAL_MACHINE\Software\Microsoft\Msxml30\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers "C:\WINDOWS\system32\urlmon.dll"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings "DisableImprovedZoneCheck"
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515} "IsInstalled"
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515} "Version"
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Registry\Machine\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32 ""
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Registry\Machine\SYSTEM\WPA\MediaCenter "Installed"
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags "{40858178-4150-4aef-a949-2b3e5f598e31}"
Enums
KEY(1692)
KEY(1702)
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
Process Management
Creates Process - Filename (http://www.freshreg.com/purchase.php) CommandLine: () As User: () Creation Flags: ()
System Info
Get System Directory
Get Computer Name
Get System Time
User Management
Get User Name
Window
Find Window - Class Name (msctls_updown32) Window Name ()
Enum Windows
Destroy Window - Class Name (TListBox) Window Name ()
Destroy Window - Class Name (TGroupBox) Window Name (Exclude Extensions)
Destroy Window - Class Name (TGroupBox) Window Name (Exclude Files)
Destroy Window - Class Name (TGroupBox) Window Name (Exclude Directories)
Destroy Window - Class Name (TGroupBox) Window Name (Search Options)
Destroy Window - Class Name (TTabSheet) Window Name (Duplicate)
Destroy Window - Class Name (TCheckListBox) Window Name ()
Destroy Window - Class Name (TGroupBox) Window Name (Include Extensions)
Destroy Window - Class Name (TGroupBox) Window Name (Junk Options)
Destroy Window - Class Name (TTabSheet) Window Name (Junk)
Destroy Window - Class Name (TPageControl) Window Name ()
Destroy Window - Class Name (TRemover_Form) Window Name ()
Destroy Window - Class Name (TPUtilWindow) Window Name ()
Destroy Window - Class Name (TSplashScreen) Window Name ()
Network Activity

The following process was started by process: 3
Analysis Number: 4
Parent ID: 3
Process ID: 904
Filename: C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe -nohome
Filesize: -1 bytes
MD5:
Start Reason: CreateProcess
Termination Reason: Timeout
Start Time: 01:28.844
Stop Time: 02:00.937
COM
COM Create Instance: %SystemRoot%\system32\shdocvw.dll, ProgID: (), Interface ID: ({00000000-0000-0000-C000-000000000046})
COM Create Instance: %SystemRoot%\system32\shdocvw.dll, ProgID: (), Interface ID: ({47851649-A2EF-4E67-BAEC-C6A153AC72EC})
COM Create Instance: %SystemRoot%\system32\SHELL32.dll, ProgID: (), Interface ID: ({EE1F7637-E138-11D1-8379-00C04FD918D0})
COM Create Instance: %SystemRoot%\System32\cscui.dll, ProgID: (), Interface ID: ({0C6C4200-C589-11D0-999A-00C04FD655E1})
COM Create Instance: %SystemRoot%\system32\shdocvw.dll, ProgID: (), Interface ID: ({85CB6900-4D95-11CF-960C-0080C7F4EE85})
COM Create Instance: , ProgID: (), Interface ID: ({00000149-0000-0000-C000-000000000046})
COM Create Instance: C:\WINDOWS\system32\urlmon.dll, ProgID: (), Interface ID: ({79EAC9EF-BAF9-11CE-8C82-00AA004BA90B})
COM Create Instance: %SystemRoot%\system32\shdocvw.dll, ProgID: (), Interface ID: ({A5ACA655-7FB8-43DC-A433-8D87B69C70A0})
COM Create Instance: C:\WINDOWS\system32\mlang.dll, ProgID: (), Interface ID: ({275C23E1-3747-11D0-9FEA-00AA003F8646})
COM Create Instance: %SystemRoot%\system32\shdocvw.dll, ProgID: (), Interface ID: ({000214E6-0000-0000-C000-000000000046})
COM Create Instance: C:\WINDOWS\system32\urlmon.dll, ProgID: (), Interface ID: ({79EAC9EE-BAF9-11CE-8C82-00AA004BA90B})
COM Create Instance: C:\WINDOWS\system32\msimtf.dll, ProgID: (), Interface ID: ({08C0E040-62D1-11D1-9326-0060B067B86E})
COM Create Instance: %SystemRoot%\system32\shdocvw.dll, ProgID: (), Interface ID: ({062E1261-A60E-11D0-82C2-00C04FD5AE38})
COM Create Instance: C:\WINDOWS\system32\mshtmled.dll, ProgID: (Trident.HTMLEditor.1), Interface ID: ({3050F7FA-98B5-11CF-BB82-00AA00BDCE0B})
COM Create Instance: C:\WINDOWS\system32\jscript.dll, ProgID: (JScript), Interface ID: ({BB1A2AE1-A4F9-11CF-8F20-00805F2CD064})
COM Create Instance: , ProgID: (), Interface ID: ({00000146-0000-0000-C000-000000000046})
COM Create Instance: , ProgID: (), Interface ID: ({6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8})
COM Get Class Object: %SystemRoot%\system32\shdocvw.dll, Interface ID: ({00000001-0000-0000-C000-000000000046})
COM Get Class Object: oleaut32.dll, Interface ID: ({D5F569D0-593B-101A-B569-08002B2DBF7A})
COM Get Class Object: %SystemRoot%\system32\mshtml.dll, Interface ID: ({00000001-0000-0000-C000-000000000046})
COM Get Class Object: %SystemRoot%\system32\mshtml.dll, Interface ID: ({00000001-0000-0000-C000-000000000046})
COM Get Class Object: C:\WINDOWS\system32\urlmon.dll, Interface ID: ({00000001-0000-0000-C000-000000000046})
DLL-Handling
Loaded DLLs
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHDOCVW.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\wsock32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\Wship6.dll
C:\WINDOWS\system32\pstorec.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\Secur32.dll
SHELL32.dll
ole32.dll
uxtheme.dll
comctl32.dll
BROWSEUI.dll
shdocvw.dll
C:\WINDOWS\system32\browselc.dll
appHelp.dll
OLEAUT32.dll
WININET.dll
OLE32
SXS.DLL
urlmon.dll
C:\WINDOWS\system32\shdoclc.dll
xpsp2res.dll
mlang.dll
RASAPI32.DLL
RTUTILS.DLL
WS2_32.dll
USERENV.dll
netapi32.dll
IMM32.DLL
OLEAUT32
USER32.DLL
WINMM.dll
advapi32.dll
Filesystem
New Files
\Device\RasAcd
C:\Documents and Settings\foobar\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
Opened Files
C:\WINDOWS\Registration\R000000000014.clb
C:\WINDOWS\System32\cscui.dll
\\.\shadow
\\.\PIPE\lsarpc
C:\WINDOWS\system32\shdocvw.dll
C:\WINDOWS\system32\stdole2.tlb
c:\autoexec.bat
C:\WINDOWS\system32\mlang.dat
C:\Documents and Settings\foobar\Local Settings\Temporary Internet Files\Content.IE5\A360B5YU\purchase[1].htm
C:\WINDOWS\fonts\ARIAL.TTF
C:\WINDOWS\fonts\COUR.TTF
C:\WINDOWS\fonts\LUCON.TTF
C:\WINDOWS\fonts\L_10646.TTF
C:\WINDOWS\fonts\TIMES.TTF
C:\WINDOWS\fonts\WINGDING.TTF
C:\WINDOWS\fonts\SYMBOL.TTF
C:\WINDOWS\fonts\verdana.TTF
C:\WINDOWS\fonts\ariblk.TTF
C:\WINDOWS\fonts\comic.TTF
C:\WINDOWS\fonts\impact.TTF
C:\WINDOWS\fonts\georgia.TTF
C:\WINDOWS\fonts\Framd.TTF
C:\WINDOWS\fonts\pala.TTF
C:\WINDOWS\fonts\trebuc.TTF
C:\WINDOWS\fonts\webdings.TTF
C:\WINDOWS\fonts\estre.TTF
C:\WINDOWS\fonts\gautami.TTF
C:\WINDOWS\fonts\latha.TTF
C:\WINDOWS\fonts\mangal.TTF
C:\WINDOWS\fonts\mvboli.TTF
C:\WINDOWS\fonts\raavi.TTF
C:\WINDOWS\fonts\shruti.TTF
C:\WINDOWS\fonts\tunga.TTF
C:\WINDOWS\fonts\sylfaen.TTF
C:\WINDOWS\fonts\TAHOMA.TTF
C:\WINDOWS\fonts\MICROSS.TTF
C:\Documents and Settings\foobar\Local Settings\Temporary Internet Files\Content.IE5\VXZ0R7B8\style[1].css
C:\Documents and Settings\foobar\Local Settings\Temporary Internet Files\Content.IE5\VZOJU3L5\upc[1].css
C:\Documents and Settings\foobar\Local Settings\Temporary Internet Files\Content.IE5\R4AWLO0I\upc[1].js
Chronological order
Get File Attributes: C:\WINDOWS\Registration Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\Registration\R000000000014.clb (OPEN_EXISTING)
Open File: C:\WINDOWS\System32\cscui.dll (OPEN_EXISTING)
Open File: \\.\shadow (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\ Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Get File Attributes: C:\Documents and Settings\foobar\Favorites\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\foobar\Favorites\Links Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\foobar\Local Settings\Temporary Internet Files\desktop.ini Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\system32\shdocvw.dll (OPEN_EXISTING)
Open File: C:\WINDOWS\system32\stdole2.tlb (OPEN_EXISTING)
Get File Attributes: c:\autoexec.bat Flags: (SECURITY_ANONYMOUS)
Open File: c:\autoexec.bat (OPEN_EXISTING)
Find File: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Find File: C:\WINDOWS\system32\Ras\*.pbk
Find File: C:\Documents and Settings\foobar\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
Open File: C:\WINDOWS\system32\mlang.dat (OPEN_EXISTING)
Open File: C:\Documents and Settings\foobar\Local Settings\Temporary Internet Files\Content.IE5\A360B5YU\purchase[1].htm (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\ARIAL.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\COUR.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\LUCON.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\L_10646.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\TIMES.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\WINGDING.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\SYMBOL.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\verdana.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\ariblk.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\comic.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\impact.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\georgia.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\Framd.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\pala.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\trebuc.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\webdings.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\estre.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\gautami.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\latha.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\mangal.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\mvboli.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\raavi.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\shruti.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\tunga.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\sylfaen.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\TAHOMA.TTF (OPEN_EXISTING)
Open File: C:\WINDOWS\fonts\MICROSS.TTF (OPEN_EXISTING)
Open File: C:\Documents and Settings\foobar\Local Settings\Temporary Internet Files\Content.IE5\VXZ0R7B8\style[1].css (OPEN_EXISTING)
Get File Attributes: C:\Documents and Settings\foobar\Local Settings\History\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\WINDOWS\system32\NOTEPAD.EXE Flags: (SECURITY_ANONYMOUS)
Open File: C:\Documents and Settings\foobar\Local Settings\Temporary Internet Files\Content.IE5\VZOJU3L5\upc[1].css (OPEN_EXISTING)
Open File: C:\Documents and Settings\foobar\Local Settings\Temporary Internet Files\Content.IE5\R4AWLO0I\upc[1].js (OPEN_EXISTING)
Get File Attributes: C:\Documents and Settings\foobar\Local Settings\Application Data\Microsoft Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\foobar\Local Settings\Application Data\Microsoft\Internet Explorer Flags: (SECURITY_ANONYMOUS)
Create/Open File: C:\Documents and Settings\foobar\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT (OPEN_ALWAYS)
INI Files
Read INI File
C:\Documents and Settings\foobar\Favorites\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\foobar\Favorites\desktop.ini [.ShellClassInfo] LocalizedResourceName =
C:\Documents and Settings\foobar\Local Settings\Temporary Internet Files\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\foobar\Local Settings\Temporary Internet Files\desktop.ini [.ShellClassInfo] LocalizedResourceName =
WIN.INI [windows] DragScrollInset =
WIN.INI [windows] DragScrollDelay =
WIN.INI [windows] DragDelay =
WIN.INI [windows] DragScrollInterval =
C:\Documents and Settings\foobar\Local Settings\History\desktop.ini [DeleteOnCopy] Owner =
C:\Documents and Settings\foobar\Local Settings\History\desktop.ini [.ShellClassInfo] LocalizedResourceName =
Mutexes
Creates Mutex: Shell.CMruPidlList
Creates Mutex: ZonesCounterMutex
Creates Mutex: ZonesCacheCounterMutex
Creates Mutex: ZonesLockedCacheCounterMutex
Creates Mutex: RasPbFile
Creates Mutex: CTF.LBES.MutexDefaultS-1-5-21-1757981266-1202660629-839522115-1003
Creates Mutex: CTF.Compart.MutexDefaultS-1-5-21-1757981266-1202660629-839522115-1003
Creates Mutex: CTF.Asm.MutexDefaultS-1-5-21-1757981266-1202660629-839522115-1003
Creates Mutex: CTF.Layouts.MutexDefaultS-1-5-21-1757981266-1202660629-839522115-1003
Creates Mutex: CTF.TMD.MutexDefaultS-1-5-21-1757981266-1202660629-839522115-1003
Creates Mutex: MSIMGSIZECacheMutex
Opens Mutex: WininetStartupMutex
Opens Mutex: _!SHMSFTHISTORY!_
Registry
Create or Open
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
Changes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU "Enable" = [REG_DWORD, value: 00000001]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU "Size" = [REG_DWORD, value: 0000000A]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU "InitHits" = [REG_DWORD, value: 00000064]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU "Factor" = [REG_DWORD, value: 00000014]
Reads
Software\Microsoft\Windows\CurrentVersion\ThemeManager "Compositing"
Control Panel\Desktop "LameButtonText"
\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility "DisableAppCompat"
\Registry\Machine\Software\Classes\CLSID\{a5e46e3a-8849-11d1-9d8c-00c04fc99d61}\InProcServer32 ""
HKEY_CLASSES_ROOT\.htm ""
HKEY_CLASSES_ROOT\.htm "Content Type"
HKEY_CLASSES_ROOT\.html ""
HKEY_CLASSES_ROOT\.html "Content Type"
\Registry\Machine\Software\Classes\CLSID\{5b4dae26-b807-11d0-9815-00c04fd91972}\InProcServer32 ""
\Registry\Machine\Software\Classes\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InProcServer32 ""
\Registry\Machine\Software\Classes\CLSID\{9ba05972-f6a8-11cf-a442-00a0c90a8f39}\InProcServer32 ""
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer "Debug"
HKEY_CLASSES_ROOT "Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\ProxyStubClsid32"
HKEY_CLASSES_ROOT "Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\Forward"
HKEY_CLASSES_ROOT\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\TypeLib ""
HKEY_CLASSES_ROOT\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\TypeLib "Version"
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32 ""
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 "win32"
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc "UDTAlignmentPolicy"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings "DisableImprovedZoneCheck"
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} "Locale"
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} "IsInstalled"
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} "Version"
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} "Version available"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "User Agent"
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService "DefaultAuthLevel"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "IsTextPlainHonored"
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html "Extension"
KEY(1928) "NumShape"
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\\Registry\Machine\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32 ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU "Enable"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU "Size"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Registry\Machine\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32 ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Registry\Machine\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04fb6bfc4}\InProcServer32 ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared\ "CUAS"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Language Hotkey"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Layout Hotkey"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\ "EnableAnchorContext"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF "Disable Thread Input Manager"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile\0x00000407\{09EA4E4B-46CE-4469-B450-0DE76A435BBB} "Enable"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile\0x00000409\{09EA4E4B-46CE-4469-B450-0DE76A435BBB} "Enable"
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\LanguageProfile\Registry\Machine\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32 ""
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\LanguageProfile\Registry\Machine\Software\Classes\CLSID\{7b8a2d95-0ac9-11d1-896c-00c04fb6bfc4}\InProcServer32 ""
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\LanguageProfile\Registry\Machine\Software\Classes\CLSID\{ff393560-c2a7-11cf-bff4-444553540000}\InProcServer32 ""
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 "COM+Enabled"
Enums
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile\0x00000407
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile\0x00000409
Process Management
Open Process - Filename (C:\WINDOWS\Explorer.EXE) Target PID: (1584)
Service Management
Open Service Manager - Name: "SCM"
Open Service - Name: "RASMAN"
Open Service - Name: "AudioSrv"
System Info
Get System Directory
Get Computer Name
Get System Time
User Management
Impersonate User - Domain: () User: (foobar)
Get User Name
Window
Find Window - Class Name ($C0C7) Window Name ()
Find Window - Class Name (Shell_TrayWnd) Window Name ()
Find Window - Class Name (IEFrame) Window Name ()
Find Window - Class Name (MS_AutodialMonitor) Window Name ()
Find Window - Class Name (MS_WebcheckMonitor) Window Name ()
Enum Windows
Network Activity
UDP Connections
Download URLs
http://201.218.198.65/purchase.php
http://201.218.198.65/style.css
http://201.218.198.65/images/others1.gif
http://201.218.198.65/images/logotip.gif
http://201.218.198.65/images/background.gif
http://201.218.198.65/order/ordercc.php
http://201.218.198.65/order/upc.css
http://201.218.198.65/order/upc.js
http://201.218.198.65/order/images/cclogos2.gif
Outgoing connection to remote server: 201.218.198.65 TCP port 80
Outgoing connection to remote server: 201.218.198.65 TCP port 80
Outgoing connection to remote server: 201.218.198.65 TCP port 80
Outgoing connection to remote server: 201.218.198.65 TCP port 80
Outgoing connection to remote server: 201.218.198.65 TCP port 80
Outgoing connection to remote server: 201.218.198.65 TCP port 80
Outgoing connection to remote server: 201.218.198.65 TCP port 80
Outgoing connection to remote server: 201.218.198.65 TCP port 80
Outgoing connection to remote server: 201.218.198.65 TCP port 80
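Added example, not part of the CWSandbox report or of Sunbelt's tooling: a Python triage script that pulls the pivotable indicators out of report lines laid out as above (download URLs, the URL handed to the shell as a "process", outgoing connections, mutexes, named pipes), tolerating the section labels that the text export fuses onto the first entry of a section. It also pairs the launched hostname (www.freshreg.com) with the IP the browser then fetched the same path from (201.218.198.65), a correspondence the report implies but never states, since it logs no DNS lookup. The sample lines embedded in the script are copied from this report; the regular expressions, function names and the path-matching heuristic are the example's own assumptions.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample input: a handful of lines copied from the CWSandbox report
# above, kept in the report's own layout (section labels such as "Mutexes" and
# "Process Management" are fused onto the first entry of their section).
SAMPLE_REPORT = r"""
Process Management Creates Process - Filename (http://www.freshreg.com/purchase.php) CommandLine: () As User: () Creation Flags: ()
Mutexes Creates Mutex: ZonesCounterMutex
Creates Mutex: ZonesCacheCounterMutex
Open File: \\.\PIPE\wkssvc (OPEN_EXISTING)
Network Activity
UDP Connections
Download URLs
http://201.218.198.65/purchase.php
http://201.218.198.65/order/ordercc.php
Outgoing connection to remote server: 201.218.198.65 TCP port 80
Outgoing connection to remote server: 201.218.198.65 TCP port 80
"""

# Section labels that the text export fuses onto the first entry of a section
# (assumed list, taken from the labels visible in this report).
SECTION_LABELS = ("Process Management", "Service Management", "User Management",
                  "System Info", "Mutexes", "Window", "COM")

URL_RE = re.compile(r"https?://[^\s()\"']+")
PROC_RE = re.compile(r"Creates Process - Filename \((?P<target>[^)]*)\)")
MUTEX_RE = re.compile(r"Creates Mutex: (?P<name>\S+)")
CONN_RE = re.compile(r"Outgoing connection to remote server: "
                     r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<proto>TCP|UDP) port (?P<port>\d+)")
PIPE_RE = re.compile(r"Open File: (?P<pipe>\\\\\.\\PIPE\\\S+)", re.IGNORECASE)


def strip_fused_label(line):
    """Remove a section label fused onto the start of an entry ("Mutexes Creates Mutex: X")."""
    for label in SECTION_LABELS:
        if line.startswith(label + " "):
            return line[len(label) + 1:]
    return line


def extract_iocs(report_text):
    """Walk a CWSandbox text report and collect the indicators worth pivoting on."""
    urls, hosts, launched, mutexes, pipes = set(), set(), set(), set(), set()
    connections = Counter()
    for raw in report_text.splitlines():
        line = strip_fused_label(raw.strip())
        if not line:
            continue
        for url in URL_RE.findall(line):
            urls.add(url)
            host = urlparse(url).hostname
            if host:
                hosts.add(host)
        if m := PROC_RE.search(line):
            launched.add(m.group("target"))
        if m := MUTEX_RE.search(line):
            mutexes.add(m.group("name"))
        if m := CONN_RE.search(line):
            connections[(m.group("ip"), m.group("proto"), int(m.group("port")))] += 1
        if m := PIPE_RE.search(line):
            pipes.add(m.group("pipe"))
    # Only globally routable peers are useful as network IOCs; sandbox-internal
    # or RFC 1918 addresses would be noise in a blocklist.
    contacted = sorted({ip for ip, _, _ in connections
                        if ipaddress.ip_address(ip).is_global})
    return {
        "urls": sorted(urls),
        "hosts": sorted(hosts),
        "contacted_ips": contacted,
        "connections": dict(connections),
        "launched": sorted(launched),
        "mutexes": sorted(mutexes),
        "named_pipes": sorted(pipes),
    }


def correlate_launch_to_download(iocs):
    """Pair a URL the sample launched with any downloaded URL sharing its path.

    The report logs no DNS lookups, so this is only a heuristic: the same path
    on a different host suggests the launched hostname resolved to the IP the
    browser then fetched from.
    """
    pairs = set()
    for launched in iocs["launched"]:
        lp = urlparse(launched)
        for url in iocs["urls"]:
            up = urlparse(url)
            if up.path == lp.path and up.hostname != lp.hostname:
                pairs.add((lp.hostname, up.hostname))
    return sorted(pairs)


if __name__ == "__main__":
    result = extract_iocs(SAMPLE_REPORT)
    for key, value in result.items():
        print(f"{key}: {value}")
    print("launch -> download:", correlate_launch_to_download(result))
```

Run it against a full report and the connection counter distinguishes one long-lived session from the nine separate TCP connections logged above; the launched URL is kept as its own indicator because a process start whose "filename" is a URL is a shell hand-off to the default browser, not a PE on disk, which is why the child here is iexplore.exe -nohome rather than a dropped binary.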

Analysis Number: 5
Parent ID: 0
Process ID: 528
Filename: services.exe
Filesize: -1 bytes
MD5:
Start Reason: SCM
Termination Reason: Timeout
Start Time: 01:34.125
Stop Time: 02:01.250

Report generated at 20.12.2006 15:01:08 with CWSandbox Version Beta 1.83
This analysis was created by the CWSandbox Copyright © 2006 Carsten Willems
Copyright © 1996-2006 Sunbelt Software. All rights reserved.