TcpAdaptorService.exe - kickstart
=====================================
"20:55:46.4402141","TcpAdaptorService.exe","1856","Thread Create","","SUCCESS","Thread ID: 2564"
"20:55:46.4414148","TcpAdaptorService.exe","1856","QueryNameInformationFile","C:\Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService.exe","SUCCESS","Name: \Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService.exe"
"20:55:46.4417486","TcpAdaptorService.exe","1856","Load Image","C:\Documents and Settings\RIK\%DESKTOP%\TcpAdaptorService.exe","SUCCESS","Image Base: 0x400000, Image Size: 0x14000"
"20:55:46.4420386","TcpAdaptorService.exe","1856","Load Image","C:\WINDOWS\System32\ntdll.dll","SUCCESS","Image Base: 0x7c940000, Image Size: 0x9c000"
"20:55:46.4420716","TcpAdaptorService.exe","1856","QueryNameInformationFile","C:\Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService.exe","SUCCESS","Name: \Documents and Settings\RIK\%DESKTOP%\TcpAdaptorService.exe"
"20:55:46.4423959","TcpAdaptorService.exe","1856","CreateFile","C:\WINDOWS\Prefetch\TCPADAPTORSERVICE0.EXE-396BBFEC.pf","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a"
"20:55:46.4428353","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TcpAdaptorService.exe","NAME NOT FOUND","Desired Access: Read"
"20:55:46.4474854","TcpAdaptorService.exe","1856","CreateFile","C:\Documents and Settings\%USER%\%DESKTOP%","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"20:55:46.4483690","TcpAdaptorService.exe","1856","FileSystemControl","C:\Documents and Settings\%USER%\%DESKTOP%","SUCCESS","Control: FSCTL_IS_VOLUME_MOUNTED"
"20:55:46.4487098","TcpAdaptorService.exe","1856","CreateFile","C:\Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"20:55:46.4495457","TcpAdaptorService.exe","1856","Load Image","C:\WINDOWS\System32\KERNEL32.DLL","SUCCESS","Image Base: 0x7c800000, Image Size: 0x133000"
"20:55:46.4499745","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","Desired Access: Read"
"20:55:46.4500449","TcpAdaptorService.exe","1856","ReadFile","C:\WINDOWS\System32\Config\SYSTEM","SUCCESS","Offset: 405,504, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"20:55:46.5030282","TcpAdaptorService.exe","1856","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"20:55:46.5030676","TcpAdaptorService.exe","1856","RegCloseKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS",""
"20:55:46.5042286","TcpAdaptorService.exe","1856","Load Image","C:\WINDOWS\System32\ADVAPI32.DLL","SUCCESS","Image Base: 0x77d80000, Image Size: 0xa9000"
"20:55:46.5046295","TcpAdaptorService.exe","1856","Load Image","C:\WINDOWS\System32\RPCRT4.DLL","SUCCESS","Image Base: 0x77e30000, Image Size: 0x92000"
"20:55:46.5050050","TcpAdaptorService.exe","1856","Load Image","C:\WINDOWS\System32\SECUR32.DLL","SUCCESS","Image Base: 0x77fa0000, Image Size: 0x11000"
"20:55:46.5057260","TcpAdaptorService.exe","1856","CreateFile","C:\Documents and Settings\%USER%\%DESKTOP%\PSAPI.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"20:55:46.5113533","TcpAdaptorService.exe","1856","CreateFile","C:\WINDOWS\system32\psapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"20:55:46.5116592","TcpAdaptorService.exe","1856","QueryBasicInformationFile","C:\WINDOWS\system32\psapi.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/31 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
"20:55:46.5119503","TcpAdaptorService.exe","1856","CloseFile","C:\WINDOWS\system32\psapi.dll","SUCCESS",""
"20:55:46.5133203","TcpAdaptorService.exe","1856","CreateFile","C:\WINDOWS\system32\psapi.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"20:55:46.5136259","TcpAdaptorService.exe","1856","CreateFileMapping","C:\WINDOWS\system32\psapi.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"20:55:46.5137086","TcpAdaptorService.exe","1856","CreateFileMapping","C:\WINDOWS\SYSTEM32\PSAPI.DLL","SUCCESS","SyncType: SyncTypeOther"
"20:55:46.5137558","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"20:55:46.5137966","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value"
"20:55:46.5138446","TcpAdaptorService.exe","1856","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"20:55:46.5138812","TcpAdaptorService.exe","1856","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS",""
"20:55:46.5139148","TcpAdaptorService.exe","1856","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value"
"20:55:46.5142243","TcpAdaptorService.exe","1856","CloseFile","C:\WINDOWS\system32\psapi.dll","SUCCESS",""
"20:55:46.5158698","TcpAdaptorService.exe","1856","Load Image","C:\WINDOWS\System32\PSAPI.DLL","SUCCESS","Image Base: 0x76ba0000, Image Size: 0xb000"
"20:55:46.5165098","TcpAdaptorService.exe","1856","CreateFile","C:\Documents and Settings\%USER%\%DESKTOP%\WS2_32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"20:55:46.5180164","TcpAdaptorService.exe","1856","CreateFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"20:55:46.5182997","TcpAdaptorService.exe","1856","QueryBasicInformationFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/31 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
"20:55:46.5185679","TcpAdaptorService.exe","1856","CloseFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS",""
"20:55:46.5189520","TcpAdaptorService.exe","1856","CreateFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"20:55:46.5192403","TcpAdaptorService.exe","1856","CreateFileMapping","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"20:55:46.5193182","TcpAdaptorService.exe","1856","CreateFileMapping","C:\WINDOWS\SYSTEM32\WS2_32.DLL","SUCCESS","SyncType: SyncTypeOther"
"20:55:46.5206556","TcpAdaptorService.exe","1856","CloseFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS",""
"20:55:46.5210288","TcpAdaptorService.exe","1856","Load Image","C:\WINDOWS\System32\WS2_32.DLL","SUCCESS","Image Base: 0x719e0000, Image Size: 0x17000"
"20:55:46.5214431","TcpAdaptorService.exe","1856","Load Image","C:\WINDOWS\System32\MSVCRT.DLL","SUCCESS","Image Base: 0x77bc0000, Image Size: 0x58000"
"20:55:46.5221245","TcpAdaptorService.exe","1856","CreateFile","C:\Documents and Settings\%USER%\%DESKTOP%\WS2HELP.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"20:55:46.5242826","TcpAdaptorService.exe","1856","CreateFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"20:55:46.5245658","TcpAdaptorService.exe","1856","QueryBasicInformationFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/31 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
"20:55:46.5248323","TcpAdaptorService.exe","1856","CloseFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS",""
"20:55:46.5260431","TcpAdaptorService.exe","1856","CreateFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"20:55:46.5263742","TcpAdaptorService.exe","1856","CreateFileMapping","C:\WINDOWS\system32\ws2help.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"20:55:46.5264515","TcpAdaptorService.exe","1856","CreateFileMapping","C:\WINDOWS\SYSTEM32\WS2HELP.DLL","SUCCESS","SyncType: SyncTypeOther"
"20:55:46.5267443","TcpAdaptorService.exe","1856","CloseFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS",""
"20:55:46.5272950","TcpAdaptorService.exe","1856","Load Image","C:\WINDOWS\System32\WS2HELP.DLL","SUCCESS","Image Base: 0x719d0000, Image Size: 0x8000"
"20:55:46.5275738","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","Desired Access: Read"
"20:55:46.5276327","TcpAdaptorService.exe","1856","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"20:55:46.5276701","TcpAdaptorService.exe","1856","RegCloseKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS",""
"20:55:46.5278227","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secur32.dll","NAME NOT FOUND","Desired Access: Read"
"20:55:46.5278878","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll","NAME NOT FOUND","Desired Access: Read"
"20:55:46.5279294","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll","NAME NOT FOUND","Desired Access: Read"
"20:55:46.5279721","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","Desired Access: Read"
"20:55:46.5280193","TcpAdaptorService.exe","1856","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"20:55:46.5280409","TcpAdaptorService.exe","1856","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"20:55:46.5280713","TcpAdaptorService.exe","1856","RegCloseKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS",""
"20:55:46.5280920","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","SUCCESS","Desired Access: Read"
"20:55:46.5281356","TcpAdaptorService.exe","1856","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack","NAME NOT FOUND","Length: 144"
"20:55:46.5281696","TcpAdaptorService.exe","1856","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","SUCCESS",""
"20:55:46.5281856","TcpAdaptorService.exe","1856","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed"
"20:55:46.5282188","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics","NAME NOT FOUND","Desired Access: Read"
"20:55:46.5282677","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSAPI.DLL","NAME NOT FOUND","Desired Access: Read"
"20:55:46.5282968","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll","NAME NOT FOUND","Desired Access: Read"
"20:55:46.5289088","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2HELP.dll","NAME NOT FOUND","Desired Access: Read"
"20:55:46.5289415","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2_32.dll","NAME NOT FOUND","Desired Access: Read"
"20:55:46.5289834","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll","NAME NOT FOUND","Desired Access: Read"
"20:55:46.5290103","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll","NAME NOT FOUND","Desired Access: Read"
"20:55:46.5290625","TcpAdaptorService.exe","1856","ReadFile","C:\Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService.exe","SUCCESS","Offset: 20,480, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"20:55:46.5923230","TcpAdaptorService.exe","1856","ReadFile","C:\Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService.exe","SUCCESS","Offset: 4,096, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"20:55:46.5935430","TcpAdaptorService.exe","1856","ReadFile","C:\Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService.exe","SUCCESS","Offset: 69,632, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"20:55:46.6387700","TcpAdaptorService.exe","1856","ReadFile","C:\Documents and Settings\%USER%\%DESKTOP%\TcpAdaptorService.exe","SUCCESS","Offset: 53,248, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"20:55:46.6502701","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\System\CurrentControlSet\Control\ServiceCurrent","SUCCESS","Desired Access: Query Value"
"20:55:46.6503279","TcpAdaptorService.exe","1856","RegQueryValue","HKLM\System\CurrentControlSet\Control\ServiceCurrent\(Default)","SUCCESS","Type: REG_DWORD, Length: 4, Data: 13"
"20:55:46.6503595","TcpAdaptorService.exe","1856","RegCloseKey","HKLM\System\CurrentControlSet\Control\ServiceCurrent","SUCCESS",""
"20:56:01.6479374","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Microsoft\Rpc\PagedBuffers","NAME NOT FOUND","Desired Access: Read"
"20:56:01.6479692","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Microsoft\Rpc","SUCCESS","Desired Access: Read"
"20:56:01.6482201","TcpAdaptorService.exe","1856","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize","NAME NOT FOUND","Length: 144"
"20:56:01.6482533","TcpAdaptorService.exe","1856","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS",""
"20:56:01.6482743","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TcpAdaptorService.exe\RpcThreadPoolThrottle","NAME NOT FOUND","Desired Access: Read"
"20:56:01.6483659","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\Rpc","NAME NOT FOUND","Desired Access: Read"
"20:56:01.6484087","TcpAdaptorService.exe","1856","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value"
"20:56:01.6484598","TcpAdaptorService.exe","1856","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16"
"20:56:01.6484916","TcpAdaptorService.exe","1856","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
"20:56:01.6489526","TcpAdaptorService.exe","1856","RegSetValue","HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed","SUCCESS","Type: REG_BINARY, Length: 80, Data: 6D 7B CA A8 FF C8 F9 02 99 7F B6 FD 9C 12 11 DE"
"20:56:01.7667407","TcpAdaptorService.exe","1856","SetEndOfFileInformationFile","C:\WINDOWS\system32\config\software.LOG","SUCCESS","EndOfFile: 8,192"
"20:56:01.7670511","TcpAdaptorService.exe","1856","SetEndOfFileInformationFile","C:\WINDOWS\system32\config\software.LOG","SUCCESS","EndOfFile: 8,192"
"20:56:01.7681071","TcpAdaptorService.exe","1856","Thread Exit","","SUCCESS","Thread ID: 2564, User Time: 0.0000000, Kernel Time: 0.0156250"
"20:56:01.7685611","TcpAdaptorService.exe","1856","Process Exit","","SUCCESS","Exit Status: 0, User Time: 0.0156250 seconds, Kernel Time: 0.0156250 seconds, Private Bytes: 278,528, Peak Private Bytes: 282,624, Working Set: 1,179,648, Peak Working Set: 1,183,744"
"20:56:01.7686857","TcpAdaptorService.exe","1856","CloseFile","C:\Documents and Settings\%USER%\%DESKTOP%","SUCCESS",""