c:\program files\common files\lightscribe\lssrvc.exe (LightScribeService) (LightScribeService Direct Disc Labeling Service) (Hewlett-Packard Company) (984ecb68ed2a2b2e6a544e87e24fba2d)
c:\program files\kodak\kodak picture transfer software\ptssvc.exe (ptssvc) (ptssvc) (Unknown) (e1855061710a925032249539f3f1a73d)
slserv.exe (SLService) (SmartLinkService) (Smart Link) (d41d8cd98f00b204e9800998ecf8427e)
c:\windows\system32\zonelabs\vsmon.exe (vsmon) (TrueVector Internet Monitor) (Check Point Software Technologies LTD) (589a8b75fd731f8e186292275f3f3692)
C:\Program Files\NOS\bin\getPlus_Helper.dll (68000 bytes) (NOS Microsystems Ltd.) (1/2/2010 2:00:45 PM) (--A-) (0879dc7444a201df84e69c5dd5083d61)
- Unknown files in Winsock LSP
- Unknown files in CLSID
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGControl.dll (491574 bytes) (Adobe Systems Incorporated) (4/9/2008 7:50:19 PM) (--A-) (90d5a849e8df91f94fe965e145818215)
C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL (175968 bytes) (Unknown) (6/30/2007 8:09:06 PM) (--A-) (bcd0a5c3c1715c363cb3f321abe31514)
C:\WINDOWS\system32\OGACheckControl.dll (403816 bytes) (Unknown) (8/3/2009 4:07:42 PM) (--A-) (10c03f5479e6bd73c9cb3dfde9fa4c2e)
C:\WINDOWS\system32\threed32.ocx (205848 bytes) (Sheridan Software Systems, Inc.) (12/2/2003 10:19:09 AM) (--A-) (63b70d0ba6990e04ec37b9e3ead762b3)
C:\WINDOWS\system32\hypertrm.dll (347136 bytes) (Hilgraeve, Inc.) (8/22/2008 6:15:14 PM) (--A-) (277bdf16a94be0d063988d692541650b)
C:\WINDOWS\system32\ir50_32.dll (755200 bytes) (Intel Corporation) (8/4/2004 6:00:00 AM) (--A-) (5f10dc19d92ccf6b719b494572f4f74b)
C:\WINDOWS\system32\VSFLEX3.OCX (225280 bytes) (VideoSoft) (1/5/1999 5:30:02 PM) (--A-) (c758ebc719c0d07b1b0e251c77f11bfd)
C:\WINDOWS\system32\MIDIFL32.OCX (52224 bytes) (Unknown) (7/15/2001 1:19:02 PM) (--A-) (ad5724821febd3d0e12bcf55de9e32ea)
C:\WINDOWS\system32\Hpousd05.dll (50848 bytes) (Windows (R) 2000 DDK provider) (5/2/2008 12:31:47 AM) (--A-) (3f1c412a42120c0704d2fd14360daa86)
C:\WINDOWS\system32\ir41_32.ax (848384 bytes) (Intel Corporation) (8/4/2004 6:00:00 AM) (--A-) (948e1498c6438625247f94534aaa82fe)
C:\WINDOWS\system32\l3codecx.ax (83456 bytes) (Fraunhofer Institut Integrierte Schaltungen IIS) (8/4/2004 6:00:00 AM) (--A-) (b5a7a5a67ecc144117d1e7d5352a2f6a)
C:\WINDOWS\system32\acelpdec.ax (61952 bytes) (Sipro Lab Telecom Inc.) (8/4/2004 6:00:00 AM) (--A-) (d0a33c77354a6f12ccd8034e4429a30d)
C:\WINDOWS\system32\MIDIIO32.OCX (61952 bytes) (Unknown) (7/15/2001 1:32:04 PM) (--A-) (d75ae4ef5ccd747c1c12f5accb6f005c)
C:\WINDOWS\system32\hticons.dll (44544 bytes) (Hilgraeve, Inc.) (11/2/2008 11:02:34 AM) (--A-) (f759a6e14403bc3d7a55ccad1b8f7b4a)
C:\WINDOWS\system32\CmdLineExt.dll (107888 bytes) (Sony DADC Austria AG.) (3/21/2009 12:13:06 AM) (--A-) (ccec125c8a9d90e2c27fc73bde97772b)
C:\WINDOWS\system32\actskin4.ocx (380928 bytes) (Unknown) (2/16/2008 3:40:18 PM) (--A-) (99825c8aed2fa0ac76aa0fad770f44c1)
C:\WINDOWS\system32\HSlide32.OCX (61872 bytes) (Unknown) (6/11/2008 8:54:42 AM) (--A-) (2dab57153ed40dcd8a021f69c14b0299)
C:\WINDOWS\system32\CoachWia.dll (96768 bytes) (FotoNation) (4/6/2009 7:13:10 PM) (--A-) (d1a846757fa77dc56fb75cd4a80ddfd1)
C:\WINDOWS\system32\ivfsrc.ax (154624 bytes) (Intel Corporation) (8/4/2004 6:00:00 AM) (--A-) (f7aceef4b13e8035ded875978b40c998)
C:\WINDOWS\system32\deploytk.dll (410984 bytes) (Sun Microsystems, Inc.) (2/21/2009 11:25:35 AM) (--A-) (d14bfab125e34b0f1bc152b92fb02d94)
C:\WINDOWS\system32\CoachDlg.dll (16896 bytes) (FotoNation Inc.) (4/6/2009 7:13:10 PM) (--A-) (3fb1f0c7678b0c0841e2d33a78fad6df)
tcpsvcs.exe -> 0.0.0.0:7 -> 0.0.0.0:0 -> LISTENING
tcpsvcs.exe -> 0.0.0.0:9 -> 0.0.0.0:0 -> LISTENING
tcpsvcs.exe -> 0.0.0.0:13 -> 0.0.0.0:0 -> LISTENING
tcpsvcs.exe -> 0.0.0.0:17 -> 0.0.0.0:0 -> LISTENING
tcpsvcs.exe -> 0.0.0.0:19 -> 0.0.0.0:0 -> LISTENING
inetinfo.exe -> 0.0.0.0:25 -> 0.0.0.0:0 -> LISTENING
inetinfo.exe -> 0.0.0.0:80 -> 0.0.0.0:0 -> LISTENING
svchost.exe -> 0.0.0.0:135 -> 0.0.0.0:0 -> LISTENING
inetinfo.exe -> 0.0.0.0:443 -> 0.0.0.0:0 -> LISTENING
N/A -> 0.0.0.0:445 -> 0.0.0.0:53303 -> LISTENING
inetinfo.exe -> 0.0.0.0:1025 -> 0.0.0.0:0 -> LISTENING
N/A -> 96.18.111.243:139 -> 0.0.0.0:2080 -> LISTENING
tcpsvcs.exe -> 0.0.0.0:7 -> *.*
tcpsvcs.exe -> 0.0.0.0:9 -> *.*
tcpsvcs.exe -> 0.0.0.0:13 -> *.*
tcpsvcs.exe -> 0.0.0.0:17 -> *.*
tcpsvcs.exe -> 0.0.0.0:19 -> *.*
N/A -> 0.0.0.0:445 -> *.*
inetinfo.exe -> 0.0.0.0:3456 -> *.*
svchost.exe -> 0.0.0.0:3544 -> *.*
svchost.exe -> 96.18.111.243:123 -> *.*
N/A -> 96.18.111.243:137 -> *.*
N/A -> 96.18.111.243:138 -> *.*
svchost.exe -> 96.18.111.243:520 -> *.*
svchost.exe -> 96.18.111.243:1041 -> *.*
svchost.exe -> 96.18.111.243:1900 -> *.*
svchost.exe -> 127.0.0.1:123 -> *.*
svchost.exe -> 127.0.0.1:1026 -> *.*
svchost.exe -> 127.0.0.1:1900 -> *.*
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
(I have about 150 pages of additional Hosts files)
C:\WINDOWS\Explorer.EXE -> KERNEL32.DLL->GetProcAddress -> ShimEng.dll -> IAT
[SSDT] NtClose -> 0xEEB56CD2 -> 0x80567A6D -> aswSP.SYS
[SSDT] NtConnectPort -> 0xEECA1534 -> 0x80588DBB -> vsdatant.sys