Thanks, OD. I think we're making progress.
The devmgmt.msc instructions look like they worked on TDSServ. After that, I was able to run combofix, smitfraudfix, and gmer without renaming them. Here are the logs. In case you need another HijackThis log, that's included too. I'll put the Spyware Doctor scan log in a separate message since it's a bit long. Now that TDSServ is gone & I should be able to update Spyware Doctor's data files, should I do that and run a fresh scan?
==================================================================
ComboFix 08-12-14.01 - Keith 2008-12-14 19:48:05.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.780 [GMT -5:00]
Running from: c:\documents and settings\Keith\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Spyware Guard 2008
c:\program files\Spyware Guard 2008\conf.cfg
c:\program files\Spyware Guard 2008\mbase.vdb
c:\program files\Spyware Guard 2008\quarantine.vdb
c:\program files\Spyware Guard 2008\queue.vdb
c:\program files\Spyware Guard 2008\spywareguard.exe
c:\program files\Spyware Guard 2008\uninstall.exe
c:\program files\Spyware Guard 2008\vbase.vdb
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\temp\PRE45
c:\windows\IE4 Error Log.txt
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\av.dat
c:\windows\system32\av.exe
c:\windows\system32\dotevumo.dll
c:\windows\system32\Drivers\TDSSxeuu.sys
c:\windows\system32\ekaluyif.ini
c:\windows\system32\esezeguh.ini
c:\windows\system32\furutedu.dll
c:\windows\system32\gawokire.dll
c:\windows\system32\GfMSDJjl.ini
c:\windows\system32\GfMSDJjl.ini2
c:\windows\system32\hugezese.dll
c:\windows\system32\iiffCTJC.dll
c:\windows\system32\IN
c:\windows\system32\kofelabe.dll
c:\windows\system32\lijujuto.dll
c:\windows\system32\lqqttsve.ini
c:\windows\system32\navolawe.dll
c:\windows\system32\op8
c:\windows\system32\pac.txt
c:\windows\system32\shxcmaea.ini
c:\windows\system32\suukjtov.ini
c:\windows\system32\sX3i19
c:\windows\system32\TDSSirxy.dll
c:\windows\system32\TDSSktao.dll
c:\windows\system32\TDSSocun.dll
c:\windows\system32\TDSSqqon.dll
c:\windows\system32\TDSSravu.dll
c:\windows\system32\TDSSwrhd.log
c:\windows\system32\TDSSwupe.dat
c:\windows\system32\TEC
c:\windows\system32\udeturuf.ini
c:\windows\system32\vapozoki.exe
c:\windows\system32\vi
c:\windows\system32\wakuribi.dll
c:\windows\system32\yotogewo.dll
c:\windows\system32\yudxvdls.ini
c:\windows\system32\zafusiyo.dll
c:\windows\system32\zozefebe.dll
c:\windows\Tasks\ciyvlzhg.job
c:\windows\vmreg.dll
----- BITS: Possible infected sites -----
hxxp://77.74.48.101.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys
((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.
2008-12-14 19:46 . 2008-12-14 19:46 302,592 --a------ c:\windows\system32\awtUKabx.dll
2008-12-14 14:22 . 2008-12-14 14:22 <DIR> d-------- C:\GMER
2008-12-14 07:13 . 2008-12-14 07:13 2,713 --ahs---- c:\windows\system32\sufabuwu.exe
2008-12-13 13:13 . 2008-12-13 13:13 2,713 --ahs---- c:\windows\system32\tipenuno.exe
2008-12-12 19:11 . 2008-12-12 19:11 2,713 --ahs---- c:\windows\system32\hisakite.exe
2008-12-09 15:20 . 2008-12-09 15:20 2,713 --ahs---- c:\windows\system32\fibunihu.exe
2008-12-08 07:16 . 2008-12-08 07:16 2,713 --ahs---- c:\windows\system32\nulapawa.exe
2008-12-07 13:16 . 2008-12-07 13:16 2,713 --ahs---- c:\windows\system32\bikabufe.exe
2008-12-06 19:15 . 2008-12-06 19:15 2,713 --ahs---- c:\windows\system32\jehuzuru.exe
2008-12-06 01:14 . 2008-12-06 01:14 2,713 --ahs---- c:\windows\system32\zotemiso.exe
2008-12-03 19:43 . 2008-12-04 11:47 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-03 19:43 . 2008-12-03 19:43 <DIR> d-------- c:\documents and settings\Keith\Application Data\PC Tools
2008-12-03 19:43 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-03 19:43 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-03 19:43 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-03 19:43 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-03 16:31 . 2008-12-14 14:12 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-01 14:53 . 2008-12-14 19:52 2,206 --a------ c:\windows\system32\wpa.dbl
2008-12-01 11:03 . 2008-12-05 11:22 64,988 --a------ c:\windows\system32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
2008-12-01 11:03 . 2008-12-05 11:22 55,168 --a------ c:\windows\system32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
2008-12-01 11:03 . 2008-12-05 11:22 55,168 --a------ c:\windows\system32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
2008-12-01 11:03 . 2008-12-05 11:22 1,080 --a------ c:\windows\system32\settingsbkup.sfm
2008-12-01 11:03 . 2008-12-05 11:22 1,080 --a------ c:\windows\system32\settings.sfm
2008-12-01 11:02 . 2008-12-14 19:50 17,630 --a------ c:\windows\system32\Config.MPF
2008-12-01 04:32 . 2008-12-14 19:46 6,456 --ah----- c:\windows\system32\fabidadu
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 22:09 --------- d-----w c:\program files\Legacy
2008-12-01 19:53 --------- d-----w c:\program files\McAfee
2008-11-08 21:23 --------- d-----w c:\program files\Palm
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 03:33 112 ----a-w c:\documents and settings\Keith\delself.bat
2008-09-01 14:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090120080902\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-08-16 1531904]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 8192]
"CTHelper"="CTHELPER.EXE" [2005-09-20 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 c:\windows\system32\CTXFIHLP.EXE]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2006-02-27 221295]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2006-04-06 28672]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
M-Audio Transit USB Control Panel Launcher.lnk - c:\program files\M-Audio Transit USB\TUSBTask.exe [2003-04-28 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\AceBIT\\WISE-FTP\\wise_ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 Transit USBInstallerService;Transit USB Installer;c:\program files\M-Audio Transit USB\Install\TUSBInst.exe [2006-04-25 49152]
S1 cbidf2kk;cbidf2kk;c:\windows\system32\drivers\cbidf2kk.sys []
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\TEMP\43D.tmp []
S3 ma763006;M-Audio Transit USB;c:\windows\system32\drivers\MA763006.sys [2006-04-25 41216]
S3 MADFU006;MADFU006;c:\windows\system32\DRIVERS\MADFU006.sys [2006-04-25 16512]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-03 356920]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -
BHO-{05c9fc96-07d0-4145-83aa-72345f97b4dc} - c:\windows\system32\veseyusi.dll
BHO-{2ef3bdbc-41a5-4537-aa79-170ea073d0ba} - c:\windows\system32\kmfppw.dll
BHO-{3f72a4a8-b97a-43fc-a5b3-aee19ee92c8a} - (no file)
BHO-{41f7b255-a777-4405-b40b-7cc10320c89c} - c:\windows\system32\wobezozu.dll
BHO-{476be1a6-f725-4afc-b8ad-7eb10a449963} - c:\windows\system32\zafusiyo.dll
BHO-{8D632AD5-B856-4782-A19C-6944FF12C8CB} - c:\windows\system32\ljJDSMfG.dll
BHO-{c9ef7147-8988-4da0-9836-fc6c163feffe} - c:\windows\system32\veseyusi.dll
BHO-{CB23E2CF-C270-8518-E3B0-41CFDE2048FF} - c:\windows\system32\gpermphniidu.dll
BHO-{d0926b67-2e2c-43ae-8c0f-c320c5e8f982} - c:\windows\system32\cmvcop.dll
HKLM-Run-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe
HKLM-Run-CTXFIREG - CTxfiReg.exe
HKLM-Run-Wise-FTP Scheduler - (no file)
SSODL-OLESys-{86460DFF-ED6F-4554-B2DF-761DC409EEC7} - c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\OLESys.dll
SSODL-Explorer-{DB905DDF-1F52-40A2-8F17-C01206515967} - c:\documents and settings\All Users\Application Data\Microsoft\Protect\wrdasdikvv.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Keith\Application Data\Mozilla\Firefox\Profiles\y0qka3c9.default\
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 19:51:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\c:\windows\TEMP\43D.tmp"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\gearsec.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Sony\MD Simple Burner\NetMDSB.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\CTXFISPI.EXE
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\McAfee\MSC\mcupdmgr.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
c:\progra~1\McAfee\MSC\mcupdui.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-12-14 19:58:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-15 00:58:12
Pre-Run: 37,254,447,104 bytes free
Post-Run: 36,228,390,912 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
299 --- E O F --- 2008-11-13 08:04:38
=========================================================================
SmitFraudFix v2.385
Scan done at 20:03:57.34, Sun 12/14/2008
Run from C:\Documents and Settings\Keith\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\M-Audio Transit USB\Install\TUSBInst.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\M-Audio Transit USB\TUSBTask.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Keith
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Keith\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Keith\Application Data
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\conf.sys FOUND !
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe FOUND !
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Keith\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3A4FE5F9-869C-4694-B1D3-1CAAAA09A6A9}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
================================================================================
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-14 21:12:24
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB015C9AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB015CA41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB015C958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB015C96C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB015CA55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB015CA81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB015CAEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB015CAD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB015C9EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB015CB1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB015CA2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB015C930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB015C944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB015C9BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB015CB57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB015CAC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB015CAAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB015CA6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB015CB43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB015CB2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB015C996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB015C982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB015CA97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB015CA19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB015CB05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB015CA00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB015C9D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP B015C9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B015C9AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP B015C9EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP B015CA04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP B015C9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP B015C934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP B015C948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP B015C986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP B015C970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP B015C95C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP B015C99A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP B015CA1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219CA 7 Bytes JMP B015CAB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D18 7 Bytes JMP B015CA9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622042 7 Bytes JMP B015CB09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228E0 7 Bytes JMP B015CAC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP B015CA6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80623792 5 Bytes JMP B015CA45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP B015CA59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP B015CA85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 7 Bytes JMP B015CAF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062423C 7 Bytes JMP B015CADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B64 5 Bytes JMP B015CA31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624E8A 7 Bytes JMP B015CB5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062514A 5 Bytes JMP B015CB33 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062583E 5 Bytes JMP B015CB47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625958 5 Bytes JMP B015CB1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? Combo-Fix.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F3A
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F4B
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F5C
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F79
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FAF
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070EF8
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070087
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00070098
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00070F1F
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00060069
.text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00060011
.text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00060058
.text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00060047
.text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00060036
.text C:\WINDOWS\system32\services.exe[852] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E40089
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E40078
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E4005B
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E40F9E
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E40FB9
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E40F77
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E400BF
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E400EE
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E40F4B
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E400FF
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E40040
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E400AE
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E4002F
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E40FD4
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E40F5C
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E30FB2
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E30043
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E30FCD
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E30FDE
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E30F86
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00E30028
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E30FA1
.text C:\WINDOWS\system32\lsass.exe[864] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02420FEF
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02420F8A
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0242007F
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0242006E
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02420051
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02420FAF
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02420F52
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024200A4
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 024200D0
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02420F37
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 024200EB
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02420036
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02420FDE
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02420F79
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02420025
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02420014
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 024200B5
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02410FD4
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02410FA8
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02410FE5
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0241001B
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0241005B
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02410000
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02410FC3
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 61, 8A ]
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0241004A
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D10089
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D10F94
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D1006E
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D10FAF
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D10051
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D100C1
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D100A4
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D10F43
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D10F5E
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D100F7
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D10FCA
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D1000A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D10F79
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D10036
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D10025
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D100D2
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D00FB2
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D0004A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D00FC3
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D00FDE
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D00F8D
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00D0002F
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D0001E
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CE000A
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02A40FEF
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02A40F3A
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02A40F55
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02A40F72
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02A40F8D
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02A40FA8
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02A40F0E
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02A40F1F
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02A40EBD
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02A40ED8
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02A40EAC
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02A4002F
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02A4000A
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02A4004A
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02A40FB9
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02A40FD4
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02A40EE9
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02A20FB2
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02A2004A
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02A20FC3
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02A20FD4
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02A20039
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02A20FE5
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 02A20028
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02A20FA1
.text C:\WINDOWS\System32\svchost.exe[1208] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03330000
.text C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02A3000A
.text C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02A3001B
.text C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02A30FEF
.text C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02A30FDE
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00800FEF
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0080007D
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0080006C
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0080005B
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0080004A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00800FA8
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00800F46
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00800F63
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008000C4
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008000A9
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 008000D5
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00800039
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0080000A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 0080008E
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00800FC3
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00800FD4
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00800F2B
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 007F0FCA
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 007F0F79
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 007F0FDB
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 007F0011
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 007F002C
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 007F0000
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 007F0F94
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 9F, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 007F0FA5
.text C:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007D0FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1324] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1324] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CC0F6D
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CC0F88
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CC0062
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CC0FA5
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CC0FC0
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CC008E
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CC0F52
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC00CE
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC00B3
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CC00E9
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CC0051
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CC007D
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CC0036
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CC001B
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CC0F2B
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CA0036
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CA0F80
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CA001B
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CA0FE5
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CA0047
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CA0FA5
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes JMP 50C03388
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CA0FC0
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C8000A
.text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00CB0FDB
.text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00CB0FC0
.text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00CB0FAF
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F68
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A005D
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0042
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F83
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F3A
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0082
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0EF3
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F04
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A00A7
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0025
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0F57
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A000A
.text C:\WINDOWS\system32\dllhost.exe[1412] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F29
.text C:\WINDOWS\system32\dllhost.exe[1412] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002A0FD4
.text C:\WINDOWS\system32\dllhost.exe[1412] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002A0087
.text C:\WINDOWS\system32\dllhost.exe[1412] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002A002F
.text C:\WINDOWS\system32\dllhost.exe[1412] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\dllhost.exe[1412] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\dllhost.exe[1412] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\dllhost.exe[1412] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 002A005B
.text C:\WINDOWS\system32\dllhost.exe[1412] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002A0040
.text C:\WINDOWS\system32\dllhost.exe[1412] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A70000
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C10071
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10F86
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10054
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10FA1
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10FC3
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C10F50
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10F61
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C10F1D
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C10F2E
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C10F02
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C10FB2
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C1001B
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C10082
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C10FDE
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[2608] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C10F3F
.text C:\WINDOWS\system32\svchost.exe[2608] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C00FCD
.text C:\WINDOWS\system32\svchost.exe[2608] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C0005E
.text C:\WINDOWS\system32\svchost.exe[2608] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C0001E
.text C:\WINDOWS\system32\svchost.exe[2608] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C00FDE
.text C:\WINDOWS\system32\svchost.exe[2608] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C00FA1
.text C:\WINDOWS\system32\svchost.exe[2608] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[2608] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00C00FBC
.text C:\WINDOWS\system32\svchost.exe[2608] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ E0, 88 ]
.text C:\WINDOWS\system32\svchost.exe[2608] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C00039
.text C:\WINDOWS\system32\svchost.exe[2608] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD0F5C
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD0051
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0F79
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD0F94
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0FA5
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD0093
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD0F41
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD0F30
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD00C9
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CD0F0B
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CD002C
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CD0FCA
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CD006C
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CD0011
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[2652] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CD00AE
.text C:\WINDOWS\system32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CC0FB2
.text C:\WINDOWS\system32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CC002C
.text C:\WINDOWS\system32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CC001B
.text C:\WINDOWS\system32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CC0FC3
.text C:\WINDOWS\system32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CC000A
.text C:\WINDOWS\system32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00CC0065
.text C:\WINDOWS\system32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CC0FD4
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F61
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0060
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F86
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0043
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0098
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F46
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F24
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F35
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F13
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0F97
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0071
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0014
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\System32\svchost.exe[3864] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A00A9
.text C:\WINDOWS\System32\svchost.exe[3864] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290FB9
.text C:\WINDOWS\System32\svchost.exe[3864] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290065
.text C:\WINDOWS\System32\svchost.exe[3864] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290FCA
.text C:\WINDOWS\System32\svchost.exe[3864] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290000
.text C:\WINDOWS\System32\svchost.exe[3864] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290FA8
.text C:\WINDOWS\System32\svchost.exe[3864] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290FE5
.text C:\WINDOWS\System32\svchost.exe[3864] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00290040
.text C:\WINDOWS\System32\svchost.exe[3864] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0029002F
.text C:\WINDOWS\System32\svchost.exe[3864] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B000A
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0094
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0079
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0068
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FAB
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0028
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F67
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F78
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F42
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00DB
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A00F6
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0043
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A00AF
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FBC
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0FCD
.text C:\WINDOWS\explorer.exe[5276] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A00CA
.text C:\WINDOWS\explorer.exe[5276] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0029002F
.text C:\WINDOWS\explorer.exe[5276] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0029006C
.text C:\WINDOWS\explorer.exe[5276] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290FDE
.text C:\WINDOWS\explorer.exe[5276] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290FEF
.text C:\WINDOWS\explorer.exe[5276] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290FAF
.text C:\WINDOWS\explorer.exe[5276] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290000
.text C:\WINDOWS\explorer.exe[5276] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00290051
.text C:\WINDOWS\explorer.exe[5276] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00290040
.text C:\WINDOWS\explorer.exe[5276] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\explorer.exe[5276] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 002C000A
.text C:\WINDOWS\explorer.exe[5276] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\explorer.exe[5276] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 002C001B
.text C:\WINDOWS\explorer.exe[5276] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E10000
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0FA3
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B008E
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0FB4
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B007D
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0051
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F46
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F6D
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00DF
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00C4
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001B0F2B
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001B0062
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001B0F88
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001B0036
.text C:\WINDOWS\system32\wuauclt.exe[5408] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001B00A9
.text C:\WINDOWS\system32\wuauclt.exe[5408] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[5408] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002B0047
.text C:\WINDOWS\system32\wuauclt.exe[5408] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002B0FDB
.text C:\WINDOWS\system32\wuauclt.exe[5408] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002B0011
.text C:\WINDOWS\system32\wuauclt.exe[5408] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002B0F8A
.text C:\WINDOWS\system32\wuauclt.exe[5408] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\wuauclt.exe[5408] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 002B0F9B
.text C:\WINDOWS\system32\wuauclt.exe[5408] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 4B, 88 ]
.text C:\WINDOWS\system32\wuauclt.exe[5408] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002B002C
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \FileSystem\Fastfat \Fat AA209D20
AttachedDevice \FileSystem\Fastfat \Fat SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Disk sectors - GMER 1.0.14 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- EOF - GMER 1.0.14 ----
============================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:41:50, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\M-Audio Transit USB\Install\TUSBInst.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\M-Audio Transit USB\TUSBTask.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Keith\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: M-Audio Transit USB Control Panel Launcher.lnk = C:\Program Files\M-Audio Transit USB\TUSBTask.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O23 - Service: McAfee Application Installer Cleanup (0105711229302727) (0105711229302727mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\010571~1.EXE
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Transit USB Installer (Transit USBInstallerService) - Nemesis - C:\Program Files\M-Audio Transit USB\Install\TUSBInst.exe
--
End of file - 13816 bytes