Old 12-05-2008, 10:36 AM   #2 (permalink)
jason@jason859.
Registered User
 
 
Join Date: Sep 2005
Posts: 41
OS: win xp


Re: suspected infection ?

Sorry guys, I've been a bit vague about my problem, but I really don't know where to begin with it. Please find attached the DDS and GMER logs for you to look at. Thanks once again for your time.


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-05 13:14:39
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF74CE818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF74CE7D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF74C2A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF74C32A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF74CE910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF74CE794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF74C32C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF74CE866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF74CE0B0]
SSDT sptd.sys ZwSetValueKey [0xF7505D56]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA721F20]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA6649CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA664978]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA66498C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAA664A76]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAA664AA2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA664A0A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAA664B39]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA664950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA664964]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA6649DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAA664AE4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAA664A8C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAA664B61]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAA664B4D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA6649B6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA6649A2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA664A39]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAA664B23]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA664A20]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA6649F4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 80515A6A 7 Bytes JMP AA6649F8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8057C328 5 Bytes JMP AA6649CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8057CFC0 5 Bytes JMP AA6649A6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057DEF1 5 Bytes JMP AA664A24 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057E369 7 Bytes JMP AA664A0E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80581702 5 Bytes JMP AA664954 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80581889 7 Bytes JMP AA6649E2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7CD 7 Bytes JMP AA664990 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8058E695 5 Bytes JMP AA664A3D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80591F8B 7 Bytes JMP AA664AA6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80593334 7 Bytes JMP AA664A7A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B0470 5 Bytes JMP AA66497C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 805E1939 5 Bytes JMP AA664968 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 805E218F 5 Bytes JMP AA664B3D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 80635947 5 Bytes JMP AA6649BA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 80654DB2 7 Bytes JMP AA664B27 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 806556D8 7 Bytes JMP AA664AE8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 80655B56 7 Bytes JMP AA664A90 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 80656049 5 Bytes JMP AA664B51 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 806564B2 5 Bytes JMP AA664B65 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\windows\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B78158AC 5 Bytes JMP 8A9B91B8

---- User code sections - GMER 1.0.14 ----

.text C:\windows\system32\services.exe[772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01100000
.text C:\windows\system32\services.exe[772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01100F83
.text C:\windows\system32\services.exe[772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0110006E
.text C:\windows\system32\services.exe[772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01100051
.text C:\windows\system32\services.exe[772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01100F94
.text C:\windows\system32\services.exe[772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01100036
.text C:\windows\system32\services.exe[772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011000BA
.text C:\windows\system32\services.exe[772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0110009D
.text C:\windows\system32\services.exe[772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01100F46
.text C:\windows\system32\services.exe[772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011000DF
.text C:\windows\system32\services.exe[772] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 011000FA
.text C:\windows\system32\services.exe[772] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01100FAF
.text C:\windows\system32\services.exe[772] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01100FEF
.text C:\windows\system32\services.exe[772] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01100F72
.text C:\windows\system32\services.exe[772] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01100025
.text C:\windows\system32\services.exe[772] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01100FD4
.text C:\windows\system32\services.exe[772] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01100F61
.text C:\windows\system32\services.exe[772] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 010F002C
.text C:\windows\system32\services.exe[772] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 010F0F94
.text C:\windows\system32\services.exe[772] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 010F0FE5
.text C:\windows\system32\services.exe[772] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 010F0011
.text C:\windows\system32\services.exe[772] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 010F0051
.text C:\windows\system32\services.exe[772] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 010F0000
.text C:\windows\system32\services.exe[772] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 010F0FAF
.text C:\windows\system32\services.exe[772] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 2F, 89 ]
.text C:\windows\system32\services.exe[772] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 010F0FC0
.text C:\windows\system32\services.exe[772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0FEF
.text C:\windows\system32\lsass.exe[792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011B0FEF
.text C:\windows\system32\lsass.exe[792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011B0FA8
.text C:\windows\system32\lsass.exe[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011B009D
.text C:\windows\system32\lsass.exe[792] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011B0FB9
.text C:\windows\system32\lsass.exe[792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011B0076
.text C:\windows\system32\lsass.exe[792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011B0FD4
.text C:\windows\system32\lsass.exe[792] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011B0F5F
.text C:\windows\system32\lsass.exe[792] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011B0F70
.text C:\windows\system32\lsass.exe[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011B0F29
.text C:\windows\system32\lsass.exe[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011B0F3A
.text C:\windows\system32\lsass.exe[792] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 011B00DD
.text C:\windows\system32\lsass.exe[792] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 011B005B
.text C:\windows\system32\lsass.exe[792] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 011B000A
.text C:\windows\system32\lsass.exe[792] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 011B0F8D
.text C:\windows\system32\lsass.exe[792] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 011B0040
.text C:\windows\system32\lsass.exe[792] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 011B0025
.text C:\windows\system32\lsass.exe[792] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 011B00C2
.text C:\windows\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01190FB9
.text C:\windows\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0119006C
.text C:\windows\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01190FCA
.text C:\windows\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0119000A
.text C:\windows\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01190051
.text C:\windows\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01190FE5
.text C:\windows\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 01190040
.text C:\windows\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0119002F
.text C:\windows\system32\lsass.exe[792] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0000
.text C:\windows\system32\lsass.exe[792] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 011A0000
.text C:\windows\system32\lsass.exe[792] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 011A0FE5
.text C:\windows\system32\lsass.exe[792] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 011A0011
.text C:\windows\system32\lsass.exe[792] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 011A0FB6
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B4000A
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B400C9
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B400AE
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B40093
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B40076
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B4004A
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B40F92
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B40FAF
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B40F52
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B40F6D
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B40F41
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B4005B
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B40FEF
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B400DA
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B40FD4
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B40025
.text C:\windows\system32\svchost.exe[1004] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B400EB
.text C:\windows\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B30FB9
.text C:\windows\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B30F9E
.text C:\windows\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B30FCA
.text C:\windows\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B3000A
.text C:\windows\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B3005B
.text C:\windows\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B30FEF
.text C:\windows\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00B30040
.text C:\windows\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B30025
.text C:\windows\system32\svchost.exe[1004] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B1000A
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C70FEF
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C7004C
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C70F57
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C70F72
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C70F83
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C70025
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C7007D
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C70F2B
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C70EE4
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C70EFF
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C70098
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C70F9E
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C70FDE
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C70F3C
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C70FC3
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C70014
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C70F10
.text C:\windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C6001B
.text C:\windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C60062
.text C:\windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C60FCA
.text C:\windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C60000
.text C:\windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C60051
.text C:\windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C60FE5
.text C:\windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00C60036
.text C:\windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C60FAF
.text C:\windows\system32\svchost.exe[1064] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C40FEF
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 027D0FEF
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 027D0F5E
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 027D0F6F
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 027D0047
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 027D0F8A
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 027D0FA5
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 027D0F2B
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 027D0F3C
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 027D0F09
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 027D0F1A
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 027D00C7
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 027D002C
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 027D0000
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 027D0F4D
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 027D0011
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 027D0FCA
.text C:\windows\System32\svchost.exe[1112] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 027D0098
.text C:\windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01F20FC3
.text C:\windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01F20F8D
.text C:\windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01F2000A
.text C:\windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01F20FD4
.text C:\windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01F2004A
.text C:\windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01F20FEF
.text C:\windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 01F20039
.text C:\windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01F20FB2
.text C:\windows\System32\svchost.exe[1112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01F00FEF
.text C:\windows\System32\svchost.exe[1112] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01F3000A
.text C:\windows\System32\svchost.exe[1112] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01F3001B
.text C:\windows\System32\svchost.exe[1112] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01F30036
.text C:\windows\System32\svchost.exe[1112] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01F30051
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00660000
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00660058
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00660F63
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00660F7E
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00660FA5
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00660047
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006600A1
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00660084
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006600D4
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006600C3
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00660F20
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00660FC0
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0066001B
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00660073
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00660036
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00660FE5
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 006600B2
.text C:\windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00650FC3
.text C:\windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0065004A
.text C:\windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00650FDE
.text C:\windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00650014
.text C:\windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00650039
.text C:\windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00650FEF
.text C:\windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00650F97
.text C:\windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 85, 88 ]
.text C:\windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00650FB2
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007C000A
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007C0089
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007C006E
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007C0F94
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007C0FA5
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007C0FD1
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007C0F6D
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007C00B5
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007C00FC
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007C00E1
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 007C0F3E
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 007C0FB6
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007C001B
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 007C00A4
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 007C003D
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 007C002C
.text C:\windows\system32\svchost.exe[1220] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 007C00D0
.text C:\windows\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 007B002C
.text C:\windows\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 007B0F9E
.text C:\windows\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 007B001B
.text C:\windows\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 007B000A
.text C:\windows\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 007B0FAF
.text C:\windows\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 007B0FEF
.text C:\windows\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 007B0051
.text C:\windows\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 007B0FCA
.text C:\windows\system32\svchost.exe[1220] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C000A
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C80000
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C80F63
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C80F74
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C8004E
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C8003D
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C8002C
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C80F37
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C8007F
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C800AE
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C80F15
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C800C9
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C80F9B
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C80FE5
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C80F48
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C80FCA
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C8001B
.text C:\windows\system32\svchost.exe[1304] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C80F26
.text C:\windows\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00A10F9E
.text C:\windows\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00A10F68
.text C:\windows\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00A10FB9
.text C:\windows\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00A10FD4
.text C:\windows\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00A10F79
.text C:\windows\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00A10FE5
.text C:\windows\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00A10025
.text C:\windows\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00A1000A
.text C:\windows\system32\svchost.exe[1304] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009F000A
.text C:\windows\system32\svchost.exe[1304] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00A20FEF
.text C:\windows\system32\svchost.exe[1304] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00A20014
.text C:\windows\system32\svchost.exe[1304] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00A20FDE
.text C:\windows\system32\svchost.exe[1304] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00A20FCD
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00660000
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00660F7B
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00660070
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00660F96
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00660055
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00660044
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0066009C
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00660F60
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00660F39
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006600DC
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 006600F7
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00660FB3
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00660011
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 0066008B
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00660033
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00660022
.text C:\windows\system32\svchost.exe[1564] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 006600B7
.text C:\windows\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00650014
.text C:\windows\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00650F8D
.text C:\windows\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00650FB9
.text C:\windows\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00650FD4
.text C:\windows\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00650F9E
.text C:\windows\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00650FEF
.text C:\windows\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00650040
.text C:\windows\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00650025
.text C:\windows\system32\svchost.exe[1564] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00630FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1784] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1784] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B60FEF
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B60F7A
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B60F8B
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B60FB2
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B60065
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B6002F
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B60F49
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B6009B
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B60F1D
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B60F2E
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B600C7
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B60054
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B60014
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B6008A
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B60FC3
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B60FDE
.text C:\windows\system32\svchost.exe[2052] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B600B6
.text C:\windows\system32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B50FB9
.text C:\windows\system32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B50F8D
.text C:\windows\system32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B5000A
.text C:\windows\system32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B50FD4
.text C:\windows\system32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B50040
.text C:\windows\system32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B50FEF
.text C:\windows\system32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00B5002F
.text C:\windows\system32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B50F9E
.text C:\Program Files\Mozilla Firefox\firefox.exe[2216] kernel32.dll!MultiByteToWideChar 7C809C88 5 Bytes JMP 00C773AD C:\windows\system32\urqQGYSk.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2216] WS2_32.dll!send 71AB4C27 5 Bytes JMP 1000CEA6 C:\windows\system32\yduiws.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2216] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 10015472 C:\windows\system32\yduiws.dll

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \windows\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7514580] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F751452C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752EAB8] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8AC161D8
Device \FileSystem\Ntfs \Ntfs 8ABAAB60

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \FatCdrom 8A208980
Device \FileSystem\Fastfat \FatCdrom 8A9FCA88
Device \FileSystem\Udfs \UdfsCdRom 8A226980
Device \FileSystem\Udfs \UdfsCdRom 8A312CA8
Device \FileSystem\Udfs \UdfsDisk 8A226980
Device \FileSystem\Udfs \UdfsDisk 8A312CA8
Device \Driver\usbstor \Device\0000009b 8903A980
Device \Driver\usbstor \Device\0000009b sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{AC3FBEC7-7AED-49AC-8515-38632EA73961} 8A1BF980
Device \Driver\usbuhci \Device\USBPDO-0 8AA08980
Device \Driver\usbuhci \Device\USBPDO-1 8AA08980
Device \Driver\usbuhci \Device\USBPDO-2 8AA08980
Device \Driver\usbuhci \Device\USBPDO-3 8AA08980
Device \Driver\usbehci \Device\USBPDO-4 8AA80980

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8AC181D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AC181D8
Device \Driver\Cdrom \Device\CdRom0 8A72AF00
Device \Driver\Cdrom \Device\CdRom0 8A6B9D10
Device \Driver\Cdrom \Device\CdRom0 8A987010
Device \FileSystem\Rdbss \Device\FsWrap 8A1D3178
Device \Driver\Cdrom \Device\CdRom1 8A72AF00
Device \Driver\Cdrom \Device\CdRom1 8A6B9D10
Device \Driver\Cdrom \Device\CdRom1 8A987010
Device \Driver\atapi \Device\Ide\IdePort0 8A74E898
Device \Driver\atapi \Device\Ide\IdePort0 8A6632B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8A74E898
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8A6632B8
Device \Driver\atapi \Device\Ide\IdePort1 8A74E898
Device \Driver\atapi \Device\Ide\IdePort1 8A6632B8
Device \Driver\atapi \Device\Ide\IdePort2 8A74E898
Device \Driver\atapi \Device\Ide\IdePort2 8A6632B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8A74E898
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8A6632B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 8A74E898
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 8A6632B8
Device \Driver\Cdrom \Device\CdRom2 8A72AF00
Device \Driver\Cdrom \Device\CdRom2 8A6B9D10
Device \Driver\Cdrom \Device\CdRom2 8A987010
Device \Driver\Cdrom \Device\CdRom3 8A72AF00
Device \Driver\Cdrom \Device\CdRom3 8A6B9D10
Device \Driver\Cdrom \Device\CdRom3 8A987010
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1BF980
Device \Driver\usbstor \Device\00000090 8903A980
Device \Driver\usbstor \Device\00000090 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000091 8903A980
Device \Driver\usbstor \Device\00000091 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetbiosSmb 8A1BF980
Device \FileSystem\Srv \Device\LanmanServer 8A2DB3A8

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbstor \Device\00000096 8903A980
Device \Driver\usbstor \Device\00000096 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbstor \Device\00000097 8903A980
Device \Driver\usbstor \Device\00000097 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000098 8903A980
Device \Driver\usbstor \Device\00000098 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000099 8903A980
Device \Driver\usbstor \Device\00000099 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbuhci \Device\USBFDO-0 8AA08980
Device \Driver\usbuhci \Device\USBFDO-1 8AA08980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A19F4E0
Device \Driver\usbuhci \Device\USBFDO-2 8AA08980
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A19F4E0
Device \Driver\usbuhci \Device\USBFDO-3 8AA08980
Device \FileSystem\Npfs \Device\NamedPipe 8A2C7378
Device \Driver\usbehci \Device\USBFDO-4 8AA80980
Device \Driver\Ftdisk \Device\FtControl 8AC181D8
Device \FileSystem\Msfs \Device\Mailslot 8A2E6668
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 8A6E54F8
Device \Driver\axsaki \Device\Scsi\axsaki1Port4Path0Target0Lun0 8A3D52D0
Device \Driver\axsaki \Device\Scsi\axsaki1Port4Path0Target0Lun0 8A6606E8
Device \Driver\axsaki \Device\Scsi\axsaki1 8A3D52D0
Device \Driver\axsaki \Device\Scsi\axsaki1 8A6606E8
Device \Driver\d347prt \Device\Scsi\d347prt1 8A6E54F8
Device \Driver\usbstor \Device\0000009a 8903A980
Device \Driver\usbstor \Device\0000009a sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 8A208980
Device \FileSystem\Fastfat \Fat 8A9FCA88

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A2ED5E8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A2ED5E8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A2ED5E8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A2ED5E8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A2ED5E8
Device \FileSystem\Cdfs \Cdfs 8A1A0980
Device \FileSystem\Cdfs \Cdfs 8A21AC98

---- Modules - GMER 1.0.14 ----

Module _________ BA7E8000-BA800000 (98304 bytes)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0xEA 0xAA 0xA1 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x55 0xBF 0xB9 0xD9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD7 0x4D 0xD8 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0xEA 0xAA 0xA1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x55 0xBF 0xB9 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD7 0x4D 0xD8 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ee750143f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ee750143f@001b59379b8f 0xF5 0x4B 0x48 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0xF8 0x89 0x94 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z1 0x38 0x89 0x94 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z2 0x38 0x89 0x94 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z3 0x38 0x89 0x94 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z4 0x38 0x89 0x94 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z5 0x38 0x89 0x94 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z6 0x38 0x89 0x94 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z7 0x38 0x89 0x94 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z8 0x38 0x89 0x94 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1881078541
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1401951717
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8B 0x43 0x6E 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD7 0x8C 0x82 0xAD ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0xEA 0xAA 0xA1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x55 0xBF 0xB9 0xD9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD7 0x4D 0xD8 0x9D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0xEA 0xAA 0xA1 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x55 0xBF 0xB9 0xD9 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD7 0x4D 0xD8 0x9D ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0xEA 0xAA 0xA1 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x55 0xBF 0xB9 0xD9 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD7 0x4D 0xD8 0x9D ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x0E 0xCB 0x8E ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE1 0x31 0xCF 0xA6 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x22 0x34 0x18 0x68 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0xEA 0xAA 0xA1 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x55 0xBF 0xB9 0xD9 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0E 0x70 0x6C 0xCB ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8B 0x43 0x6E 0x74 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD7 0x8C 0x82 0xAD ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\000ee750143f
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\000ee750143f@001b59379b8f 0xF5 0x4B 0x48 0xA4 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8B 0x43 0x6E 0x74 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD7 0x8C 0x82 0xAD ...

---- EOF - GMER 1.0.14 ----
Attached Files
File Type: txt DDS.txt (19.0 KB, 2 views)