Here are the scans and HijackThis log file as requested.
Kaspersky
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, April 5, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, April 05, 2009 15:56:33
Records in database: 2015080
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Files scanned: 83029
Threat name: 1
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 03:31:08
File name / Threat name / Threats count
C:\Documents and Settings\Sonya\Desktop\BBDesktopHelpInstallDV.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 2
C:\Program Files\BT Broadband Desktop Help\vendors\btbb\wwwcache\wt\deviceview\private\content\driven_dev\upgrade\McciContextUpgrade.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1
The selected area was scanned.
GMER
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-07 16:35:23
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEEED644A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEEED64E1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEEED63F8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEEED640C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEEED64F5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEEED6521]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEEED658F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEEED6579]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEEED648A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEEED65BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEEED64CD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEEED63D0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEEED63E4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEEED645E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEEED65F7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEEED6563]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEEED654D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEEED650B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEEED65E3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEEED65CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEEED6436]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEEED6422]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEEED6537]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEEED64B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEEED65A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEEED64A0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEEED6474]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP EEED6478 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP EEED64D1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 7 Bytes JMP EEED6551 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP EEED644E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP EEED6426 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP EEED64E5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP EEED65FB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP EEED6593 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP EEED63D4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP EEED6462 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP EEED653B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP EEED64A4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP EEED648E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP EEED6410 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP EEED64BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP EEED63E8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP EEED65BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP EEED657D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP EEED6525 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP EEED64F9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP EEED63FC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DCF7 5 Bytes JMP EEED643A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA12 7 Bytes JMP EEED65A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E338 7 Bytes JMP EEED6567 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E7B6 7 Bytes JMP EEED650F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064ECA9 5 Bytes JMP EEED65D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F112 5 Bytes JMP EEED65E7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.15 ----
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[188] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B40000
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B40F70
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B40065
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B40F81
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B40F9E
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B40FD4
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B40F1D
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B40F44
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B400A2
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B40091
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B400B3
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B40FB9
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B4001B
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B40F55
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B40040
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B40080
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B3001B
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B30F68
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B30FCA
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B30FDB
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B30F8D
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B30000
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00B30F9E
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [D3, 88]
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B30FAF
.text C:\WINDOWS\system32\svchost.exe[564] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B20031
.text C:\WINDOWS\system32\svchost.exe[564] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B20F9C
.text C:\WINDOWS\system32\svchost.exe[564] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B20FD2
.text C:\WINDOWS\system32\svchost.exe[564] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[564] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B20FAD
.text C:\WINDOWS\system32\svchost.exe[564] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B20FE3
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D40079
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D4005E
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D40F84
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D40043
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D4001E
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D400B6
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D4009B
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D400EC
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D400D1
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D400FD
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D40FA1
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D40FDE
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D4008A
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D40FB2
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D40FC3
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D40F53
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CF0040
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CF0076
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CF0025
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CF0065
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CF0FB9
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [EF, 88]
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CF0FD4
.text C:\WINDOWS\system32\services.exe[588] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CE0055
.text C:\WINDOWS\system32\services.exe[588] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CE0044
.text C:\WINDOWS\system32\services.exe[588] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CE0FDE
.text C:\WINDOWS\system32\services.exe[588] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\services.exe[588] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CE0033
.text C:\WINDOWS\system32\services.exe[588] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\services.exe[588] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F3D
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0028
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0F5A
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0F6B
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0F97
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0F0F
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB0F2C
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB008D
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0EF4
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BB0ED9
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BB0F86
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BB0FDE
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BB0057
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BB0FB2
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BB0FC3
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BB0068
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BA003D
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BA0095
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BA002C
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BA0084
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00BA005F
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BA004E
.text C:\WINDOWS\system32\lsass.exe[600] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B9004E
.text C:\WINDOWS\system32\lsass.exe[600] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B90033
.text C:\WINDOWS\system32\lsass.exe[600] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B90022
.text C:\WINDOWS\system32\lsass.exe[600] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\lsass.exe[600] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B90FC3
.text C:\WINDOWS\system32\lsass.exe[600] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B90011
.text C:\WINDOWS\system32\lsass.exe[600] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD0089
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD0078
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0F9E
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0FAF
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD003D
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD0F52
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD0F6D
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD0F26
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD0F37
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00AD0F0B
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00AD0FC0
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00AD001B
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00AD00A4
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00AD0FD1
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00AD002C
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00AD00B5
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00AC002C
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00AC007D
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00AC0011
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00AC0000
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00AC006C
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00AC0FE5
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00AC0FC0
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [CC, 88]
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00AC003D
.text C:\WINDOWS\system32\svchost.exe[784] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0042
.text C:\WINDOWS\system32\svchost.exe[784] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB0031
.text C:\WINDOWS\system32\svchost.exe[784] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0FC8
.text C:\WINDOWS\system32\svchost.exe[784] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[784] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0FB7
.text C:\WINDOWS\system32\svchost.exe[784] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[784] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AA0000
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C40000
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C400A1
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C40090
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C40FB6
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C40FD1
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C40058
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C400FE
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C400E3
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C40F65
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C40F80
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C40119
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C40073
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C4001B
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C400BC
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C40047
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C40036
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C40F91
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C3002C
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C30FA5
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C30FDB
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C30011
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C30FC0
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00C30058
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C30047
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C20FA6
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C20027
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C20FC8
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C20FB7
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C2000C
.text C:\WINDOWS\system32\svchost.exe[844] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C1000A
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 027D0000
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 027D00C9
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 027D00AE
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 027D0087
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 027D0FCA
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 027D0047
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 027D00F5
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 027D0FAD
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 027D0121
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 027D0106
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 027D0F6D
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 027D006C
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 027D001B
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 027D00E4
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 027D0FDB
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 027D002C
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 027D0F92
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 027B0FAF
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 027B0036
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 027B0FD4
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 027B0FE5
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 027B0F79
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 027B0000
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 027B001B
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 027B0F94
.text C:\WINDOWS\System32\svchost.exe[912] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 027A0038
.text C:\WINDOWS\System32\svchost.exe[912] msvcrt.dll!system 77C293C7 5 Bytes JMP 027A0FAD
.text C:\WINDOWS\System32\svchost.exe[912] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 027A001D
.text C:\WINDOWS\System32\svchost.exe[912] msvcrt.dll!_open 77C2F566 5 Bytes JMP 027A0FE3
.text C:\WINDOWS\System32\svchost.exe[912] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 027A0FC8
.text C:\WINDOWS\System32\svchost.exe[912] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 027A0000
.text C:\WINDOWS\System32\svchost.exe[912] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02790000
.text C:\WINDOWS\System32\svchost.exe[912] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 027C0FEF
.text C:\WINDOWS\System32\svchost.exe[912] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 027C000A
.text C:\WINDOWS\System32\svchost.exe[912] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 027C0025
.text C:\WINDOWS\System32\svchost.exe[912] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 027C0FD4
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F7E
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650073
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650062
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650051
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650FAF
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650F48
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0065009A
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500DA
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006500B5
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 006500EB
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00650040
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00650FD4
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00650F63
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00650F37
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00640FBC
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0064006F
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00640FCD
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0064005E
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00640043
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00640028
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630FB7
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630FD2
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630FE3
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630042
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0063001D
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20058
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20F6D
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20F8A
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20F9B
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C2002C
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C20073
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C20F2D
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20EFF
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C2008E
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C20EDA
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C2003D
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C20011
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C20F3E
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C20FCA
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C20FDB
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C20F10
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 009B0FCA
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 009B0F68
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 009B0FDB
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 009B001B
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 009B0F83
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 009B0F94
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [BB, 88]
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 009B0FAF
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A005F
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A004E
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0018
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A003D
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0FDE
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[1132] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1132] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1132] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 009C0025
.text C:\WINDOWS\system32\svchost.exe[1132] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 009C0040
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0073
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F88
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F99
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FB6
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0047
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F50
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0098
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F2B
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00C4
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F1A
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0058
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A001B
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0F6D
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A00B3
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0029003D
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290FBD
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0029002C
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0029001B
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0029007A
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290000
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00290069
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0029004E
.text C:\WINDOWS\System32\svchost.exe[2508] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0F8B
.text C:\WINDOWS\System32\svchost.exe[2508] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0FA6
.text C:\WINDOWS\System32\svchost.exe[2508] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FC8
.text C:\WINDOWS\System32\svchost.exe[2508] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\System32\svchost.exe[2508] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FB7
.text C:\WINDOWS\System32\svchost.exe[2508] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E000C
.text C:\WINDOWS\System32\svchost.exe[2508] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0000
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0089
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A006C
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0036
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F77
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00BF
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F55
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F66
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F3A
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0047
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A00AE
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A00DA
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290036
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0029007D
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290025
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290FEF
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290062
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290000
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00290047
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00290FCA
.text C:\WINDOWS\Explorer.EXE[2988] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FA3
.text C:\WINDOWS\Explorer.EXE[2988] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A002E
.text C:\WINDOWS\Explorer.EXE[2988] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A001D
.text C:\WINDOWS\Explorer.EXE[2988] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\Explorer.EXE[2988] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FC8
.text C:\WINDOWS\Explorer.EXE[2988] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A000C
.text C:\WINDOWS\Explorer.EXE[2988] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\Explorer.EXE[2988] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\Explorer.EXE[2988] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 002C000A
.text C:\WINDOWS\Explorer.EXE[2988] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 002C001B
.text C:\WINDOWS\Explorer.EXE[2988] ws2_32.dll!socket 71AB4211 5 Bytes JMP 017A0000
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B00A1
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0090
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B007F
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0FB6
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0051
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00EA
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B00D9
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F6C
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F7D
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001B0120
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001B0062
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001B000A
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001B00BC
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001B0040
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001B0025
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001B00FB
.text C:\WINDOWS\system32\wuauclt.exe[3304] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F95
.text C:\WINDOWS\system32\wuauclt.exe[3304] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0020
.text C:\WINDOWS\system32\wuauclt.exe[3304] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FC1
.text C:\WINDOWS\system32\wuauclt.exe[3304] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\system32\wuauclt.exe[3304] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FB0
.text C:\WINDOWS\system32\wuauclt.exe[3304] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FD2
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002B0036
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002B0098
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002B007D
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002B005B
.text C:\WINDOWS\system32\wuauclt.exe[3304] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003C0FEF
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----
Hijack this log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:41, on 07/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Boys\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2057
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
--
End of file - 7014 bytes