Technical information: |
|
| Icon status | No tray icon |
| Icon setting | Not in the system tray |
| Executable file | C:\WINDOWS\Temp\ntclnsrv.exe |
| Version | 1, 0, 0, 1 |
| Parent process | C:\PROGRA~1\QUICKH~1\QUICKH~1\ntclnsrv.exe |
| Can be uninstalled | Yes |
| Encrypted | No |
| Size on disk | 57.9 Kb |
| Minimum recorded memory usage | 1.2 Mb |
| Average recorded memory usage | 5.5 Mb |
| Maximum recorded memory usage | 6.9 Mb |
| Date when maximum memory usage occured | 8/16/2013 11:01:29 AM |
| Minimum recorded CPU usage | 0% |
| Average recorded CPU usage | 0% |
| Maximum recorded CPU usage | 1% |
| Date when maximum CPU usage occured | 8/2/2013 4:30:35 PM |
| Started at | 8/16/2013 11:00:29 AM |
| Total CPU time | 0 seconds |
| Imported functions | [-] Imported from KERNEL32.dllCloseHandle
CopyFileA
CreateFileA
CreateProcessA
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCommandLineA
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileAttributesA
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersionExA
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InterlockedExchange
LCMapStringA
LCMapStringW
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MoveFileExA
MultiByteToWideChar
OpenProcess
OutputDebugStringA
Process32First
Process32Next
QueryPerformanceCounter
ReadFile
RtlUnwind
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetStdHandle
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
[-] Imported from ADVAPI32.dllAllocateAndInitializeSid
CloseServiceHandle
CreateServiceA
DeleteService
EqualSid
FreeSid
GetTokenInformation
OpenProcessToken
OpenSCManagerA
OpenServiceA
RegCloseKey
RegCreateKeyA
RegisterServiceCtrlHandlerA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetServiceStatus
StartServiceCtrlDispatcherA
|
| Some relevant texts from the exe file | [-] Click here to hide detailshttp://www.quickheal.com0
http://ocsp.verisign.com0?
https://www.verisign.com/rpa0
http://crl.verisign.com/pca3.crl0)
http://ocsp.verisign.com01
http://logo.verisign.com/vslogo.gif0
https://www.verisign.com/cps0*
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
http://ts-ocsp.ws.symantec.com07
.http://crl.thawte.com/ThawteTimestampingCA.crl0
http://ocsp.thawte.com0
!This program cannot be run in DOS mode.
Service for Cleaning
Cleaning Service
[ RMQH_SERVICE ] SetServiceStatus error
[ RMQH_SERVICE ] Unrecognized opcode
[ RMQH_SERVICE ] Leaving Service
/NATIVEDELETE
nvschdl.dll
ntclnsrv.exe
[ RMQH_SERVICE ] Returning the Main Thread
This is a service executable! Couldn
t start directly.
UnLoadGenGuardInterface
LoadGenGuardInterfaceAndGetProcAddress
IsGenGuardInstalled
ggstub.dll
UntrustServiceProcessForEntity
TrustServiceProcessForEntity
TypesSupported
EventMessageFile
/CLEANFROMROOT
RemoveNative
/NATIVEDELETE
Unable to uninstall.
Successfully uninstalled.
/uninstall
Unable to install.
Successfully installed.
/showresult
PerformGenCleaning
DeInitGenCleaning
InitGenCleaning
platform.dll
DeleteFileWrapObject
CreateFileWrapObject
filesdk.dll
Microsoft Visual C++ Runtime Library
<program name unknown>
now be terminated.
Buffer overrun detected!
corrupted the program
s internal state. The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
CorExitProcess
mscoree.dll
runtime error
SING error
DOMAIN error
Please contact the application
s support team for more information.
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Runtime Error!
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
<?xml version=
encoding=
standalone=
urn:schemas-microsoft-com:asm.v1
manifestVersion=
<assemblyIdentity
version=
processorArchitecture=
<description>Apache Uninstaller.</description>
<trustInfo xmlns=
urn:schemas-microsoft-com:asm.v3
<security>
<requestedPrivileges>
<requestedExecutionLevel
uiAccess=
</requestedPrivileges>
</security>
</trustInfo>
VS_VERSION_INFO
StringFileInfo
FileDescription
CleanSer Application
FileVersion
InternalName
LegalCopyright
OriginalFilename
CleanSer.exe
ProductName
CleanSer Application
ProductVersion
VarFileInfo
Translation
Durbanville1
Thawte Certification1
Thawte Timestamping CA0
Symantec Corporation100.
Symantec Time Stamping Services CA - G20
TimeStamp-2048-10
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
TimeStamp-2048-20
.Class 3 Public Primary Certification Authority0
VeriSign Trust Network1;09
VeriSign Class 3 Code Signing 2009-2 CA0
image/gif0!0
Quick Heal Technologies (Pvt) Ltd.1>0<
Quick Heal Technologies (Pvt) Ltd.0
VeriSign Class 3 Code Signing 2009-2 CA
(Quick Heal AntiViru
Symantec Time Stamping Services CA - G2
|
"CleanSer Application" made by "Unknown" 