confiscated
Probably a bad choice of words. I am keeping her laptop, and not allowing her to do schoolwork on it. In addition, she isn't taking it to school and connecting to that wireless network, either. You should have a controlled environment for whatever follows.
Even if you removed that file, it's still there
I had no illusions about that. The comment was meant to convey two pieces of information: 1.) a standard delete was not allowed from the infected Windows OS, and 2.) I do have a bootable CD-ROM. I was just giving you the flavor of the CD's OS. I built the CD from official Microsoft XP licensed CDs, so I would hope that it is virus-free. If Windows ever gets completely non-functional, I would still be able to do something.
I don't want you to try any tools on your own, or remove files, except for the instructions I will give you
Yes I understand this statement, and I will refrain from doing anything else. Unfortunately, before I read this post, I tried one more thing: I renamed gmer.exe to random_name.exe. Then I could launch it (still from the flash drive). In case it generated helpful information, here it is:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-15 19:31:46
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEC7769CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEC776A61]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEC776978]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEC77698C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEC776A75]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEC776AA1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEC776B14]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEC776AF9]
Code E1DF56D8 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEC776A0A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEC776B3E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEC776A4D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEC776950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEC776964]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEC7769DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEC776B7A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEC776AE3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEC776ACD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEC776A8B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEC776B66]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEC776B52]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEC7769B6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEC7769A2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEC776AB7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEC776A39]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEC776B28]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEC776A20]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEC7769F4]
Code EC92FEAB pIofCallDriver
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP EC7769F8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP EC7769CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP EC776A0E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP EC776A24 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP E1DF56DC
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP EC7769E2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP EC776954 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP EC776968 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP EC7769A6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP EC776990 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP EC77697C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP EC7769BA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP EC776A3D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219CA 7 Bytes JMP EC776AD1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D18 7 Bytes JMP EC776ABB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622042 7 Bytes JMP EC776B2C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228E0 7 Bytes JMP EC776AE7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP EC776A8F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80623792 5 Bytes JMP EC776A65 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP EC776A79 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP EC776AA5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 5 Bytes JMP EC776B18 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062423C 7 Bytes JMP EC776AFD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B64 5 Bytes JMP EC776A51 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624E8A 7 Bytes JMP EC776B7E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062514A 5 Bytes JMP EC776B56 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062583E 5 Bytes JMP EC776B6A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625958 5 Bytes JMP EC776B42 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01450FEF
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01450F54
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01450053
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01450036
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01450F79
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01450FA5
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01450092
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01450075
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014500AD
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01450F1E
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01450F03
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01450F94
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01450000
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01450064
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01450FC0
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01450011
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01450F39
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01440FCA
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01440FA8
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01440FE5
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0144001B
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0144005B
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01440000
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0144004A
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01440FB9
.text C:\WINDOWS\system32\services.exe[1008] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 01420FDE
.text C:\WINDOWS\system32\services.exe[1008] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 01420FEF
.text C:\WINDOWS\system32\services.exe[1008] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 01420016
.text C:\WINDOWS\system32\services.exe[1008] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 01420031
.text C:\WINDOWS\system32\services.exe[1008] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011B0000
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011B0F7E
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011B0F99
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011B007D
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011B006C
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011B0036
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011B00B0
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011B009F
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011B00F0
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011B00CB
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 011B0101
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 011B0051
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 011B0FE5
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 011B008E
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 011B0025
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 011B0FD4
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 011B0F4D
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 011A0036
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 011A0FA5
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 011A001B
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 011A0FE5
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 011A0062
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 011A000A
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 011A0FC0
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 3A, 89 ]
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 011A0047
.text C:\WINDOWS\system32\lsass.exe[1020] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DB0FE5
.text C:\WINDOWS\system32\lsass.exe[1020] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 01180FEF
.text C:\WINDOWS\system32\lsass.exe[1020] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 01180000
.text C:\WINDOWS\system32\lsass.exe[1020] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 0118001B
.text C:\WINDOWS\system32\lsass.exe[1020] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 01180038
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02830000
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02830F9B
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02830090
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02830075
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02830FAC
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02830FD1
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 028300ED
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 028300D2
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02830F5E
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessA 7C80236B 1 Byte [ E9 ]
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessA + 2 7C80236D 3 Bytes [ EB, 02, 86 ]
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02830112
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02830058
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02830011
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 028300AB
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0283003D
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0283002C
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02830F80
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02820FB9
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0282006C
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02820FCA
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02820FEF
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02820051
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02820000
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 02820040
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02820025
.text C:\WINDOWS\system32\svchost.exe[1188] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 02800FD4
.text C:\WINDOWS\system32\svchost.exe[1188] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 02800FEF
.text C:\WINDOWS\system32\svchost.exe[1188] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 02800FC3
.text C:\WINDOWS\system32\svchost.exe[1188] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 02800FA8
.text C:\WINDOWS\system32\svchost.exe[1188] WS2_32.dll!socket 71AB4211 5 Bytes JMP 027F0FEF
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FE005A
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FE0F65
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FE0F80
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FE003D
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FE0F9B
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FE0097
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FE0086
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FE0EFE
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FE0F0F
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00FE00BC
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00FE002C
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00FE0FCA
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00FE0075
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00FE0011
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00FE0F2A
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FD0047
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FD0FA5
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FD002C
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FD0011
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FD0FB6
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00FD0062
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FD0FDB
.text C:\WINDOWS\system32\svchost.exe[1280] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FB0000
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02730000
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02730F3E
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02730F4F
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02730F76
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02730033
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02730F9B
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0273007C
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0273005F
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02730F01
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02730F12
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 027300BF
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02730022
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02730FDB
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 0273004E
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02730FC0
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02730011
.text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02730F23
.text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0272001B
.text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0272006C
.text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02720FCA
.text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0272000A
.text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02720047
.text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02720FEF
.text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02720FAF
.text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 92, 8A ]
.text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0272002C
.text C:\WINDOWS\System32\svchost.exe[1320] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 02100FDE
.text C:\WINDOWS\System32\svchost.exe[1320] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 02100FEF
.text C:\WINDOWS\System32\svchost.exe[1320] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 0210000A
.text C:\WINDOWS\System32\svchost.exe[1320] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 0210001B
.text C:\WINDOWS\System32\svchost.exe[1320] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C60FE5
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007B0FE5
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007B0F48
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007B0047
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007B0F79
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007B0F8A
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007B0011
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007B0073
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007B0062
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007B0084
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007B0EF5
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 007B0ED0
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 007B0022
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007B0FD4
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 007B0F37
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 007B0000
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 007B0FAF
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 007B0F10
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 007A0FD4
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 007A0087
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 007A0FE5
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 007A0025
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 007A006C
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 007A0000
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 007A0051
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 007A0040
.text C:\WINDOWS\system32\svchost.exe[1440] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00780FEF
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E70F57
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E7004C
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E70031
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E70F68
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E7000A
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E70089
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E70078
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E70F0B
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E70F26
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E700BF
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E70F83
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E70FCA
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E70067
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E70F9E
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E70FB9
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E7009A
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E2002C
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E20FA5
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E2001B
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E20FE5
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E20058
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00E20FB6
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 02, 89 ]
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E2003D
.text C:\WINDOWS\system32\svchost.exe[1468] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DF0000
.text C:\WINDOWS\system32\svchost.exe[1468] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00E00FCA
.text C:\WINDOWS\system32\svchost.exe[1468] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00E00FEF
.text C:\WINDOWS\system32\svchost.exe[1468] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00E0000C
.text C:\WINDOWS\system32\svchost.exe[1468] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00E0001D
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001C0FEF
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001C0F43
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001C0042
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001C0F68
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001C0025
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001C0F94
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001C0070
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001C0F28
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001C0EF2
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001C0F03
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001C00B0
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001C0F83
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001C0FD4
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001C0053
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001C000A
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001C0FC3
.text C:\WINDOWS\system32\wuauclt.exe[1868] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001C008B
.text C:\WINDOWS\system32\wuauclt.exe[1868] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002C0014
.text C:\WINDOWS\system32\wuauclt.exe[1868] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002C0043
.text C:\WINDOWS\system32\wuauclt.exe[1868] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002C0FC3
.text C:\WINDOWS\system32\wuauclt.exe[1868] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\system32\wuauclt.exe[1868] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002C0F7C
.text C:\WINDOWS\system32\wuauclt.exe[1868] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\system32\wuauclt.exe[1868] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 002C0F97
.text C:\WINDOWS\system32\wuauclt.exe[1868] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 4C, 88 ]
.text C:\WINDOWS\system32\wuauclt.exe[1868] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002C0FA8
.text C:\WINDOWS\system32\wuauclt.exe[1868] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00810FDE
.text C:\WINDOWS\system32\wuauclt.exe[1868] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00810FEF
.text C:\WINDOWS\system32\wuauclt.exe[1868] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 0081000A
.text C:\WINDOWS\system32\wuauclt.exe[1868] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00810FB7
.text C:\WINDOWS\system32\wuauclt.exe[1868] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00820000
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01210FE5
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01210F4B
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01210040
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0121002F
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01210F72
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01210F83
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01210F1F
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0121005B
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01210EE2
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01210EF3
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 0121008C
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0121000A
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01210FCA
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01210F30
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01210F94
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01210FB9
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01210F0E
.text C:\WINDOWS\System32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FF002F
.text C:\WINDOWS\System32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FF006F
.text C:\WINDOWS\System32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\System32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\System32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FF0FB2
.text C:\WINDOWS\System32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FF0000
.text C:\WINDOWS\System32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00FF0054
.text C:\WINDOWS\System32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FF0FC3
.text C:\WINDOWS\System32\svchost.exe[1932] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00860011
.text C:\WINDOWS\System32\svchost.exe[1932] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00860000
.text C:\WINDOWS\System32\svchost.exe[1932] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00860038
.text C:\WINDOWS\System32\svchost.exe[1932] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00860FE5
.text C:\WINDOWS\System32\svchost.exe[1932] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00850000
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 014E0000
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 014E004A
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 014E0F55
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 014E0F66
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 014E0F83
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 014E0F9E
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 014E0082
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 014E0F3A
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014E00C2
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014E00B1
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 014E0F18
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 014E0025
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 014E0FE5
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 014E005B
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 014E0FAF
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 014E0FCA
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 014E0F29
.text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 014D0FCD
.text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 014D0054
.text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 014D0014
.text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 014D0FDE
.text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 014D0F8D
.text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 014D0FEF
.text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 014D002F
.text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 014D0FB2
.text C:\WINDOWS\Explorer.EXE[2040] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\Explorer.EXE[2040] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00D50000
.text C:\WINDOWS\Explorer.EXE[2040] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00D50025
.text C:\WINDOWS\Explorer.EXE[2040] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00D50FC8
.text C:\WINDOWS\Explorer.EXE[2040] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B1000A
.text C:\WINDOWS\Explorer.EXE[2040] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C9000A
.text C:\WINDOWS\Explorer.EXE[2040] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00AB000A
.text C:\WINDOWS\Explorer.EXE[2040] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B2000A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2592] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B005D
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F72
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F83
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F94
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B002F
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F26
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0078
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0EF7
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B009A
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001B0EE6
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001B0040
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001B0F4D
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001B0FC3
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001B0014
.text C:\WINDOWS\system32\dllhost.exe[3084] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001B0089
.text C:\WINDOWS\system32\dllhost.exe[3084] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\dllhost.exe[3084] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002B005B
.text C:\WINDOWS\system32\dllhost.exe[3084] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002B0FD4
.text C:\WINDOWS\system32\dllhost.exe[3084] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\dllhost.exe[3084] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002B0F9E
.text C:\WINDOWS\system32\dllhost.exe[3084] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002B000A
.text C:\WINDOWS\system32\dllhost.exe[3084] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 002B0040
.text C:\WINDOWS\system32\dllhost.exe[3084] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002B0FB9
.text C:\WINDOWS\system32\dllhost.exe[3084] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 0070000A
.text C:\WINDOWS\system32\dllhost.exe[3084] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00700FEF
.text C:\WINDOWS\system32\dllhost.exe[3084] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00700FD4
.text C:\WINDOWS\system32\dllhost.exe[3084] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00700FC3
.text C:\WINDOWS\system32\dllhost.exe[3084] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00820FEF
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00F6B
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00060
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00F7C
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00F8D
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C00FB9
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C0007D
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00F35
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C00EF5
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C00F10
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C00EDA
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C00F9E
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C00F50
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C00FD4
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C00025
.text C:\WINDOWS\system32\svchost.exe[3392] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C0008E
.text C:\WINDOWS\system32\svchost.exe[3392] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\svchost.exe[3392] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BF005B
.text C:\WINDOWS\system32\svchost.exe[3392] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BF0FDB
.text C:\WINDOWS\system32\svchost.exe[3392] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BF0011
.text C:\WINDOWS\system32\svchost.exe[3392] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BF0F9E
.text C:\WINDOWS\system32\svchost.exe[3392] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[3392] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00BF0036
.text C:\WINDOWS\system32\svchost.exe[3392] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BF0FAF
.text C:\WINDOWS\system32\svchost.exe[3392] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E80F94
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E80089
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E8006E
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E80FA5
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E8002C
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E80F68
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E800B0
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E80F28
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E800CB
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E800DC
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E80047
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E80000
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E80F83
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E8001B
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E80FCA
.text C:\WINDOWS\system32\svchost.exe[3408] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E80F57
.text C:\WINDOWS\system32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E70FB9
.text C:\WINDOWS\system32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E70051
.text C:\WINDOWS\system32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E70FD4
.text C:\WINDOWS\system32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E7000A
.text C:\WINDOWS\system32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E70040
.text C:\WINDOWS\system32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E70FE5
.text C:\WINDOWS\system32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00E70F9E
.text C:\WINDOWS\system32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 07, 89 ]
.text C:\WINDOWS\system32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E70025
.text C:\WINDOWS\system32\svchost.exe[3408] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00E5001B
.text C:\WINDOWS\system32\svchost.exe[3408] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00E50000
.text C:\WINDOWS\system32\svchost.exe[3408] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00E50FE5
.text C:\WINDOWS\system32\svchost.exe[3408] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00E50FC8
.text C:\WINDOWS\system32\svchost.exe[3408] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E40000
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- Modules - GMER 1.0.14 ----
Module \systemroot\system32\drivers\TDSSmhct.sys (*** hidden *** ) EC92E000-EC940000 (73728 bytes)
---- Threads - GMER 1.0.14 ----
Thread 4:488 EC930D66
---- Services - GMER 1.0.14 ----
Service C:\WINDOWS\system32\drivers\TDSSmhct.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSmtvd.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSShrxm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSvkql.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhyp.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkbi.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhct.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqt.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSmtvd.dat
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSShrxm.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSvkql.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhyp.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkbi.log
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@affid 95
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@subid 461
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@control 0x09 0x19 0x1F 0x16 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@prov 10010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@googleadserver pagead2.googlesyndication.com
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@flagged 1
---- EOF - GMER 1.0.14 ----
And now the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:55 PM, on 1/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\winscenter.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Spyware Guard 2009\spywareguard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livejournal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://h20239.www2.hp.com/techcenter/HP ... scheck.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O1 - Hosts: 72.233.90.98 www.malwareremoval.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2009\spywareguard.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: ieModule - {746C7839-E492-4D45-9392-EEF0DE53C39F} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {81E5D0D9-FD2E-4808-BD51-E430B34E78F7} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\jzfhthayjz.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 11823 bytes
Thank you for your efforts. I await further instructions.
Best regards,
trags