chaos662
2009-01-04, 17:01
Virtumond and others have been found on this computer, any help is greatly appreciated!
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:08 AM, on 1/4/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\serverappliance\appmgr.exe
C:\WINDOWS\system32\serverappliance\elementmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\serverappliance\srvcsurg.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\WINDOWS\security\svchost.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\WINDOWS\system32\CpqRcmc.exe
C:\WINDOWS\system32\sysdown.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msnaoed.exe
C:\WINDOWS\system32\tpszxyd.sys
C:\WINDOWS\system32\noytcyr.exe
C:\WINDOWS\system32\wsldoekd.exe
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\tdydowkc.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\system32\soxpeca.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Steven Label Corporation
O2 - BHO: (no name) - {1910ED47-7A77-407E-8A8B-0D8BE9B0B802} - C:\WINDOWS\system32\byXNhiFx.dll
O2 - BHO: (no name) - {314747C0-1321-4BCE-B9A3-E243E8C04E58} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {96DF6B00-ED29-47E3-BB6E-645660BA1F7C} - (no file)
O2 - BHO: (no name) - {A8D301C1-72B9-4B90-B5FA-9CA2C86E65A9} - (no file)
O2 - BHO: (no name) - {ee8c888f-dadb-4c94-a884-85667c7d4edd} - C:\WINDOWS\system32\pupukiri.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [fedopenaro] Rundll32.exe "C:\WINDOWS\system32\hekayadi.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [fedopenaro] Rundll32.exe "C:\WINDOWS\system32\hekayadi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fedopenaro] Rundll32.exe "C:\WINDOWS\system32\hekayadi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - ESC Trusted Zone: http://m1.2mdn.net
O15 - ESC Trusted Zone: http://switch.atdmt.com
O15 - ESC Trusted Zone: http://www.cdw.com
O15 - ESC Trusted Zone: http://ad.doubleclick.net
O15 - ESC Trusted Zone: http://www.google-analytics.com
O15 - ESC Trusted Zone: http://welcome.hp-ww.com
O15 - ESC Trusted Zone: http://custsurvey.external.hp.com
O15 - ESC Trusted Zone: http://h10025.www1.hp.com
O15 - ESC Trusted Zone: http://h18030.www1.hp.com
O15 - ESC Trusted Zone: http://h20141.www2.hp.com
O15 - ESC Trusted Zone: http://h20180.www2.hp.com
O15 - ESC Trusted Zone: http://h71016.www7.hp.com
O15 - ESC Trusted Zone: http://search.hp.com
O15 - ESC Trusted Zone: http://welcome.hp.com
O15 - ESC Trusted Zone: http://www.hp.com
O15 - ESC Trusted Zone: http://js.shared.live.com
O15 - ESC Trusted Zone: http://onecare.live.com
O15 - ESC Trusted Zone: http://search.live.com
O15 - ESC Trusted Zone: http://shared.live.com
O15 - ESC Trusted Zone: http://sales.liveperson.net
O15 - ESC Trusted Zone: http://mail.marcmcmillin.com
O15 - ESC Trusted Zone: http://www.mcafee.com
O15 - ESC Trusted Zone: http://www.me.com
O15 - ESC Trusted Zone: http://rad.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://secure.quantserve.com
O15 - ESC Trusted Zone: http://js.revsci.net
O15 - ESC Trusted Zone: http://img.shopping.com
O15 - ESC Trusted Zone: http://www.shopping.com
O15 - ESC Trusted Zone: http://www.spamarrest.com
O15 - ESC Trusted Zone: http://www.tumri.net
O15 - ESC Trusted Zone: http://statse.webtrendslive.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://mail.yimg.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218587995215
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = STEVENLABEL.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = STEVENLABEL.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\..\{615CC66D-4DD7-408A-9FFB-9056E6C898D5}: NameServer = 192.168.4.251,4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = STEVENLABEL.LOCAL
O20 - AppInit_DLLs: C:\WINDOWS\system32\vegilizi.dll
O20 - Winlogon Notify: jkkKbbay - C:\WINDOWS\SYSTEM32\jkkKbbay.dll
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqRcmc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: mabidwe - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Microsoft File Manager Services (mscdcosd) - Unknown owner - C:\WINDOWS\system32\mscdco.exe
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHP) - Hewlett-Packard Company - C:\hp\hpsmh/bin/smhstart.exe
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe
O23 - Service: Windows Host32 Server Service (WinHost32Svr) - Unknown owner - C:\WINDOWS\security\svchost.exe
O23 - Service: wsldoekd Service (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe
--
End of file - 9407 bytes
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:08 AM, on 1/4/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\serverappliance\appmgr.exe
C:\WINDOWS\system32\serverappliance\elementmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\serverappliance\srvcsurg.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\WINDOWS\security\svchost.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\WINDOWS\system32\CpqRcmc.exe
C:\WINDOWS\system32\sysdown.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msnaoed.exe
C:\WINDOWS\system32\tpszxyd.sys
C:\WINDOWS\system32\noytcyr.exe
C:\WINDOWS\system32\wsldoekd.exe
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\tdydowkc.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\system32\soxpeca.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Steven Label Corporation
O2 - BHO: (no name) - {1910ED47-7A77-407E-8A8B-0D8BE9B0B802} - C:\WINDOWS\system32\byXNhiFx.dll
O2 - BHO: (no name) - {314747C0-1321-4BCE-B9A3-E243E8C04E58} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {96DF6B00-ED29-47E3-BB6E-645660BA1F7C} - (no file)
O2 - BHO: (no name) - {A8D301C1-72B9-4B90-B5FA-9CA2C86E65A9} - (no file)
O2 - BHO: (no name) - {ee8c888f-dadb-4c94-a884-85667c7d4edd} - C:\WINDOWS\system32\pupukiri.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [fedopenaro] Rundll32.exe "C:\WINDOWS\system32\hekayadi.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [fedopenaro] Rundll32.exe "C:\WINDOWS\system32\hekayadi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fedopenaro] Rundll32.exe "C:\WINDOWS\system32\hekayadi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - ESC Trusted Zone: http://m1.2mdn.net
O15 - ESC Trusted Zone: http://switch.atdmt.com
O15 - ESC Trusted Zone: http://www.cdw.com
O15 - ESC Trusted Zone: http://ad.doubleclick.net
O15 - ESC Trusted Zone: http://www.google-analytics.com
O15 - ESC Trusted Zone: http://welcome.hp-ww.com
O15 - ESC Trusted Zone: http://custsurvey.external.hp.com
O15 - ESC Trusted Zone: http://h10025.www1.hp.com
O15 - ESC Trusted Zone: http://h18030.www1.hp.com
O15 - ESC Trusted Zone: http://h20141.www2.hp.com
O15 - ESC Trusted Zone: http://h20180.www2.hp.com
O15 - ESC Trusted Zone: http://h71016.www7.hp.com
O15 - ESC Trusted Zone: http://search.hp.com
O15 - ESC Trusted Zone: http://welcome.hp.com
O15 - ESC Trusted Zone: http://www.hp.com
O15 - ESC Trusted Zone: http://js.shared.live.com
O15 - ESC Trusted Zone: http://onecare.live.com
O15 - ESC Trusted Zone: http://search.live.com
O15 - ESC Trusted Zone: http://shared.live.com
O15 - ESC Trusted Zone: http://sales.liveperson.net
O15 - ESC Trusted Zone: http://mail.marcmcmillin.com
O15 - ESC Trusted Zone: http://www.mcafee.com
O15 - ESC Trusted Zone: http://www.me.com
O15 - ESC Trusted Zone: http://rad.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://secure.quantserve.com
O15 - ESC Trusted Zone: http://js.revsci.net
O15 - ESC Trusted Zone: http://img.shopping.com
O15 - ESC Trusted Zone: http://www.shopping.com
O15 - ESC Trusted Zone: http://www.spamarrest.com
O15 - ESC Trusted Zone: http://www.tumri.net
O15 - ESC Trusted Zone: http://statse.webtrendslive.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://mail.yimg.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218587995215
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = STEVENLABEL.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = STEVENLABEL.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\..\{615CC66D-4DD7-408A-9FFB-9056E6C898D5}: NameServer = 192.168.4.251,4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = STEVENLABEL.LOCAL
O20 - AppInit_DLLs: C:\WINDOWS\system32\vegilizi.dll
O20 - Winlogon Notify: jkkKbbay - C:\WINDOWS\SYSTEM32\jkkKbbay.dll
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqRcmc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: mabidwe - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Microsoft File Manager Services (mscdcosd) - Unknown owner - C:\WINDOWS\system32\mscdco.exe
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHP) - Hewlett-Packard Company - C:\hp\hpsmh/bin/smhstart.exe
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe
O23 - Service: Windows Host32 Server Service (WinHost32Svr) - Unknown owner - C:\WINDOWS\security\svchost.exe
O23 - Service: wsldoekd Service (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe
--
End of file - 9407 bytes