
Cannot connect to internet - Error 1075

Discussion in 'Virus & Other Malware Removal' started by Xanderos, Dec 13, 2011.

  1. Xanderos

    Xanderos Thread Starter

    My computer is forever stuck on "Acquiring Network address". I have tried to go into the services and turn on the DHCP Client; however, I get an Error 1075: The dependency service does not exist or has been marked for deletion, and it will not start. Attached are the logs you wished. Hopefully someone can help out. (Note: This is not the affected computer; the logs are from it, however.) I am running Windows XP Home Edition, SP3. I thank you in advance for the help.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:29:14 AM, on 12/13/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\mmc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\explorer.exe
    E:\Tech Forums\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110514120340.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O3 - Toolbar: att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - http://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265431042796
    O16 - DPF: {528BF874-2681-4CE3-8C62-AA0D3BC0A719} (McciSysSCM Class) - https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140363995375
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Logitech, Inc. - (no file)
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Logitech, Inc. - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 10875 bytes



    1:27 PM 12/13/2011.
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Lynn Bartlo at 13:21:18 on 2011-12-13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1151.642 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\mmc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://att.net
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110514120340.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: AT&&T Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265431042796
    DPF: {528BF874-2681-4CE3-8C62-AA0D3BC0A719} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140363995375
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{9714F31A-4912-46C4-9E96-42C50F7C6BEB} : DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
    Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2004-8-25 5632]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-5 387480]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-5 84200]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-11 93320]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-5 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-5 271480]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-5 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-5 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-5 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-5 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-5 56064]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-5 153280]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-5 52320]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-5 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-5 88736]
    R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2005-1-21 6400]
    S1 5335319;5335319;\??\c:\windows\system32\drivers\5335319.sys --> c:\windows\system32\drivers\5335319.sys [?]
    S2 mrtRate;mrtRate; [x]
    S2 pciinfo;HP Pci Information;\??\c:\docume~1\johnba~1\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\johnba~1\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]
    S3 DuneNtsc;Pinnacle PCTV Deluxe USB (NTSC) Device;c:\windows\system32\drivers\DuneNtsc.sys [2005-1-21 97408]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-12-12 23624]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-5 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-5 84488]
    S3 PinnacleMovieBox;Pinnacle Systems MovieBox USB Device;c:\windows\system32\drivers\PcleMBox.sys [2004-12-13 995456]
    .
    =============== Created Last 30 ================
    .
    2011-12-13 13:09:03 -------- dcsha-r- C:\cmdcons
    2011-12-13 12:59:44 -------- d-----w- c:\program files\Free Window Registry Repair
    2011-12-13 12:58:05 -------- dc----w- c:\documents and settings\lynn bartlo\local settings\application data\Adobe
    2011-12-13 12:35:49 -------- d-----w- c:\windows\setup.pss
    2011-12-13 01:36:53 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2011-12-13 01:36:49 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2011-12-13 01:36:47 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2011-12-13 01:36:44 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2011-12-13 01:36:40 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2011-12-13 01:36:34 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2011-12-13 01:36:28 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2011-12-13 01:36:27 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2011-12-13 01:36:22 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2011-12-13 01:36:20 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
    2011-12-13 01:35:47 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
    2011-12-13 01:35:43 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2011-12-13 01:35:32 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
    2011-12-13 01:35:26 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
    2011-12-13 01:35:22 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
    2011-12-13 01:35:12 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
    2011-12-13 01:35:11 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
    2011-12-13 01:35:10 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
    2011-12-13 01:35:06 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
    2011-12-13 01:35:02 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
    2011-12-13 01:35:01 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
    2011-12-13 01:35:00 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
    2011-12-13 01:33:59 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
    2011-12-13 01:32:57 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
    2011-12-13 01:32:52 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
    2011-12-13 01:32:48 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
    2011-12-13 01:32:44 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
    2011-12-13 01:32:40 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
    2011-12-13 01:32:36 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
    2011-12-13 01:32:26 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
    2011-12-13 01:32:22 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
    2011-12-13 01:32:17 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
    2011-12-13 01:32:13 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
    2011-12-13 01:32:09 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
    2011-12-13 01:32:05 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
    2011-12-13 01:32:00 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
    2011-12-13 01:30:55 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
    2011-12-13 01:29:57 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
    2011-12-13 01:29:54 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
    2011-12-13 01:29:50 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
    2011-12-13 01:29:46 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
    2011-12-13 01:29:41 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
    2011-12-13 01:29:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
    2011-12-13 01:29:28 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
    2011-12-13 01:29:22 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
    2011-12-13 01:29:18 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
    2011-12-13 01:29:14 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
    2011-12-13 01:29:10 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
    2011-12-13 01:29:06 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
    2011-12-13 01:29:03 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
    2011-12-13 01:27:54 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
    2011-12-13 01:27:50 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
    2011-12-13 01:27:46 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
    2011-12-13 01:27:42 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
    2011-12-13 01:27:38 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
    2011-12-13 01:27:37 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
    2011-12-13 01:27:34 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
    2011-12-13 01:27:30 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
    2011-12-13 01:27:26 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
    2011-12-13 01:27:23 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
    2011-12-13 01:27:19 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
    2011-12-13 01:27:15 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
    2011-12-13 01:27:02 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
    2011-12-13 01:25:56 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
    2011-12-13 01:24:58 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
    2011-12-13 01:24:53 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
    2011-12-13 01:24:49 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
    2011-12-13 01:24:46 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
    2011-12-13 01:24:42 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
    2011-12-13 01:24:38 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
    2011-12-13 01:24:27 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
    2011-12-13 01:24:21 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
    2011-12-13 01:24:18 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
    2011-12-13 01:24:14 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
    2011-12-13 01:24:11 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
    2011-12-13 01:24:00 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
    2011-12-13 01:22:57 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
    2011-12-13 01:21:54 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
    2011-12-13 01:20:55 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
    2011-12-13 01:19:56 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
    2011-12-13 01:18:55 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
    2011-12-13 01:18:47 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2011-12-13 01:18:46 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2011-12-13 01:18:30 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
    2011-12-13 01:18:27 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
    2011-12-13 01:18:25 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2011-12-13 01:18:15 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2011-12-13 01:18:12 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
    2011-12-13 01:18:06 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
    2011-12-13 01:16:59 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
    2011-12-13 01:16:55 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
    2011-12-13 01:16:50 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
    2011-12-13 01:16:47 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
    2011-12-13 01:16:44 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
    2011-12-13 01:16:42 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
    2011-12-13 01:16:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2011-12-13 01:16:37 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
    2011-12-13 01:16:34 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
    2011-12-13 01:16:31 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
    2011-12-13 01:16:28 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
    2011-12-13 01:16:27 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
    2011-12-13 01:16:00 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
    2011-12-13 01:14:58 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
    2011-12-13 01:13:57 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
    2011-12-13 01:12:58 126976 -c--a-w- c:\windows\system32\dllcache\hpgt34tk.dll
    2011-12-13 01:11:55 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
    2011-12-13 01:10:55 43008 -c--a-w- c:\windows\system32\dllcache\esucm.dll
    2011-12-13 01:09:58 77386 -c--a-w- c:\windows\system32\dllcache\el656nd5.sys
    2011-12-13 01:08:59 614429 -c--a-w- c:\windows\system32\dllcache\digiview.exe
    2011-12-13 01:07:59 93952 -c--a-w- c:\windows\system32\dllcache\cwcwdm.sys
    2011-12-13 01:06:58 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys
    2011-12-13 01:05:59 81408 -c--a-w- c:\windows\system32\dllcache\brmfcwia.dll
    2011-12-13 01:04:59 26496 -c--a-w- c:\windows\system32\dllcache\asc.sys
    2011-12-13 01:04:56 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
    2011-12-13 01:04:55 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
    2011-12-13 01:04:54 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
    2011-12-13 01:04:53 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
    2011-12-13 01:04:52 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
    2011-12-13 01:04:52 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
    2011-12-13 01:04:51 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
    2011-12-13 01:04:49 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
    2011-12-13 01:04:48 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
    2011-12-12 23:10:11 -------- d-----w- c:\program files\CCleaner
    2011-12-12 14:58:58 98816 ----a-w- c:\windows\sed.exe
    2011-12-12 14:58:58 518144 ----a-w- c:\windows\SWREG.exe
    2011-12-12 14:58:58 256000 ----a-w- c:\windows\PEV.exe
    2011-12-12 14:58:58 208896 ----a-w- c:\windows\MBR.exe
    2011-12-12 14:26:53 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-12-12 14:26:23 -------- dc----w- c:\documents and settings\all users\application data\Hitman Pro
    2011-12-04 17:33:06 -------- dcsh--w- c:\documents and settings\lynn bartlo\IECompatCache
    2011-11-25 18:45:17 6668624 -c--a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{6f475825-662e-4b21-8a65-27efd7b35531}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-30 00:12:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-05-06 01:01:02 1277680 ----a-w- c:\program files\couponprinter.exe
    .
    ============= FINISH: 13:22:48.15 ===============

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-13 13:16:13
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6025GAS rev.KA201A
    Running: t4vljily.exe; Driver: C:\DOCUME~1\LYNNBA~1\LOCALS~1\Temp\kxroqpow.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9F97210]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9F97224]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9F97250]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9F972A6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9F971FC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9F971D4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9F971E8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9F9723A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9F9727C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9F97266]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9F972D0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9F972BC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9F97290]
    Code \??\C:\DOCUME~1\LYNNBA~1\LOCALS~1\Temp\catchme.sys pIofCallDriver
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution 80515AB2 7 Bytes JMP B9F97294 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwOpenKey 80572BDF 5 Bytes JMP B9F97200 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateKey 80578AB4 5 Bytes JMP B9F97214 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057A7A9 5 Bytes JMP B9F972C0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtMapViewOfSection 8057AC21 7 Bytes JMP B9F972AA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenProcess 8057F93A 5 Bytes JMP B9F971D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetValueKey 80580088 7 Bytes JMP B9F9726A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess 8058E8B1 5 Bytes JMP B9F972D4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenThread 80596743 5 Bytes JMP B9F971EC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteValueKey 805991E8 7 Bytes JMP B9F97254 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteKey 8059A5C9 7 Bytes JMP B9F97228 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtSetSecurityObject 805E8694 5 Bytes JMP B9F97280 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRenameKey 8065684C 7 Bytes JMP B9F9723E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    init C:\WINDOWS\system32\drivers\tiumflt.sys entry point in "init" section [0xBA4C8E00]
    ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
    ? C:\DOCUME~1\LYNNBA~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\services.exe[576] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00050FE5
    .text C:\WINDOWS\system32\services.exe[576] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00050FCA
    .text C:\WINDOWS\system32\services.exe[576] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0005000A
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00040000
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00040F6A
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040069
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040058
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00040047
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00040FA5
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000400A1
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00040F59
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000400BC
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00040F23
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000400CD
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0004002C
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00040FE5
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00040084
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00040FCA
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0004001B
    .text C:\WINDOWS\system32\services.exe[576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00040F3E
    .text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0097001B
    .text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0097004A
    .text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00970FCA
    .text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0097000A
    .text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00970F97
    .text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00970FEF
    .text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00970FA8
    .text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B7, 88] {MOV BH, 0x88}
    .text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00970FB9
    .text C:\WINDOWS\system32\services.exe[576] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070FA3
    .text C:\WINDOWS\system32\services.exe[576] msvcrt.dll!system 77C293C7 5 Bytes JMP 00070FB4
    .text C:\WINDOWS\system32\services.exe[576] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0007001D
    .text C:\WINDOWS\system32\services.exe[576] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070000
    .text C:\WINDOWS\system32\services.exe[576] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0007002E
    .text C:\WINDOWS\system32\services.exe[576] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00070FE3
    .text C:\WINDOWS\system32\services.exe[576] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060FE5
    .text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DB0FEF
    .text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DB0025
    .text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DB0014
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DA0000
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DA0F88
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DA007D
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DA0FAF
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DA0062
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DA0051
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DA00BF
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DA00AE
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DA0F48
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DA00E1
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DA0F37
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DA0FCA
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DA001B
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DA0F77
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DA0FE5
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DA002C
    .text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DA00D0
    .text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DE0FD1
    .text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DE0F9B
    .text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DE002C
    .text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DE0011
    .text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DE0FB6
    .text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DE0000
    .text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DE0058
    .text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DE003D
    .text C:\WINDOWS\system32\lsass.exe[588] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DD0033
    .text C:\WINDOWS\system32\lsass.exe[588] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DD0022
    .text C:\WINDOWS\system32\lsass.exe[588] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DD0FCD
    .text C:\WINDOWS\system32\lsass.exe[588] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DD0FEF
    .text C:\WINDOWS\system32\lsass.exe[588] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DD0FBC
    .text C:\WINDOWS\system32\lsass.exe[588] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DD0FDE
    .text C:\WINDOWS\system32\lsass.exe[588] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DC0FEF
    .text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FD0000
    .text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FD0FD1
    .text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FD0011
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FC000A
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FC006C
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FC005B
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FC0F81
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FC0F9E
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FC0FCA
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FC0F44
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FC0F55
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FC00B8
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FC00A7
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FC0EFA
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FC0FAF
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FC001B
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FC0F66
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FC0036
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FC0FE5
    .text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FC0F29
    .text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02410FB9
    .text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0241006F
    .text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02410FD4
    .text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02410FEF
    .text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0241004A
    .text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02410000
    .text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02410FA8
    .text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [61, 8A]
    .text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0241002F
    .text C:\WINDOWS\system32\svchost.exe[768] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF005D
    .text C:\WINDOWS\system32\svchost.exe[768] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0FD2
    .text C:\WINDOWS\system32\svchost.exe[768] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0027
    .text C:\WINDOWS\system32\svchost.exe[768] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
    .text C:\WINDOWS\system32\svchost.exe[768] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0042
    .text C:\WINDOWS\system32\svchost.exe[768] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0FEF
    .text C:\WINDOWS\system32\svchost.exe[768] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF
    .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BD0000
    .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BD001B
    .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BD0FE5
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0FEF
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC004C
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0F57
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC002F
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC001E
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0F97
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC0F1A
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0F2B
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC0095
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0084
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC00A6
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0F7C
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0FD4
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC0F3C
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0FA8
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0FC3
    .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC0073
    .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00FDB
    .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C0007D
    .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C0002C
    .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C0001B
    .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C00062
    .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C0000A
    .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C00047
    .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C00FC0
    .text C:\WINDOWS\system32\svchost.exe[832] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0FB2
    .text C:\WINDOWS\system32\svchost.exe[832] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF0FC3
    .text C:\WINDOWS\system32\svchost.exe[832] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0FE5
    .text C:\WINDOWS\system32\svchost.exe[832] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF000C
    .text C:\WINDOWS\system32\svchost.exe[832] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0FD4
    .text C:\WINDOWS\system32\svchost.exe[832] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF0029
    .text C:\WINDOWS\system32\svchost.exe[832] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0000
    .text C:\WINDOWS\System32\svchost.exe[864] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01820000
    .text C:\WINDOWS\System32\svchost.exe[864] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01820036
    .text C:\WINDOWS\System32\svchost.exe[864] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01820011
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01810FEF
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01810F9E
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01810089
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01810078
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01810FAF
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01810036
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 018100CE
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01810F7C
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01810F3F
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01810F50
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 018100F3
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01810051
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01810FDE
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01810F8D
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0181001B
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0181000A
    .text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01810F6B
    .text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03900FB9
    .text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03900F6B
    .text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03900FCA
    .text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03900FE5
    .text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03900F86
    .text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03900000
    .text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03900F97
    .text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B0, 8B] {MOV AL, 0x8b}
    .text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03900FA8
    .text C:\WINDOWS\System32\svchost.exe[864] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 038F0F9C
    .text C:\WINDOWS\System32\svchost.exe[864] msvcrt.dll!system 77C293C7 5 Bytes JMP 038F0027
    .text C:\WINDOWS\System32\svchost.exe[864] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 038F0FC8
    .text C:\WINDOWS\System32\svchost.exe[864] msvcrt.dll!_open 77C2F566 5 Bytes JMP 038F0000
    .text C:\WINDOWS\System32\svchost.exe[864] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 038F0FAD
    .text C:\WINDOWS\System32\svchost.exe[864] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 038F0FE3
    .text C:\WINDOWS\System32\svchost.exe[864] WS2_32.dll!socket 71AB4211 5 Bytes JMP 038E0FEF
    .text C:\WINDOWS\System32\svchost.exe[864] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 01830000
    .text C:\WINDOWS\System32\svchost.exe[864] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 01830FE5
    .text C:\WINDOWS\System32\svchost.exe[864] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 01830FD4
    .text C:\WINDOWS\System32\svchost.exe[864] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 01830FC3
    .text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007B0FEF
    .text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007B0FCD
    .text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007B0FDE
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007A0000
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007A0091
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007A0F9C
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007A0076
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007A0065
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007A004A
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007A00BF
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007A00A2
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007A0F52
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007A00EB
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007A0106
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007A0FC3
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007A0FE5
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007A0F77
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007A0FD4
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007A001B
    .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007A00DA
    .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007E0FCA
    .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007E006C
    .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007E0011
    .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007E0000
    .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007E0FAF
    .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007E0FEF
    .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 007E0051
    .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007E0040
    .text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007D003B
    .text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!system 77C293C7 5 Bytes JMP 007D0FB0
    .text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007D0FD2
    .text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007D0FEF
    .text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007D0FC1
    .text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007D000C
    .text C:\WINDOWS\system32\svchost.exe[968] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007C000A
    .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00640000
    .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00640FD1
    .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00640011
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00630FEF
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00630F4B
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00630F5C
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00630040
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0063002F
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0063001E
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00630F09
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00630051
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0063008E
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0063007D
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00630EDA
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00630F97
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00630FD4
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00630F30
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00630FB2
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00630FC3
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00630062
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C6003D
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C60069
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C6002C
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C60011
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C60FAC
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C60000
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C60058
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C60FD1
    .text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C50FBC
    .text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C50047
    .text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C50FDE
    .text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C5000C
    .text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C50FCD
    .text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C50FEF
    .text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00650FE5
    .text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 0065000A
    .text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 0065001B
    .text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 0065002C
    .text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00660000
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\system32\svchost.exe[1884] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BD0FEF
    .text C:\WINDOWS\system32\svchost.exe[1884] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BD0000
    .text C:\WINDOWS\system32\svchost.exe[1884] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BD0FCA
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0000
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0F99
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC008E
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0FB4
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC007D
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC006C
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC00CB
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC00BA
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC0F68
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0101
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC0F57
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0FE5
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0011
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC00A9
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0047
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0036
    .text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC00E6
    .text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB001B
    .text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB0F9E
    .text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB0FD4
    .text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB0FE5
    .text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB005B
    .text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB0000
    .text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BB0FB9
    .text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DB, 88]
    .text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB0040
    .text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0FA8
    .text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0033
    .text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0FDE
    .text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0000
    .text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0FCD
    .text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FEF

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] 0xC8 0x28 0x51 0xAF ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] 0x71 0x3B 0x04 0x66 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] 0x25 0xDA 0xEC 0x7E ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] 0x86 0x8C 0x21 0x01 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] 0xCD 0x44 0xCD 0xB9 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] 0xDF 0x20 0x58 0x62 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] 0x31 0x77 0xE1 0xBA ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] 0x01 0x3A 0x48 0xFC ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] 0xF6 0x0F 0x4E 0x58 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] 0xB1 0xCD 0x45 0x5A ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] 0xE3 0x0E 0x66 0xD5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] 0x05 0x73 0x21 0xDD ...

    ---- EOF - GMER 1.0.15 ----
     


  2. Xanderos

    Xanderos Thread Starter

    Joined:
    Sep 4, 2009
    Messages:
    2
    Thanks for the quick response guys, you're a lifesaver. I shall be sure to recommend that all my friends come to http://www.bleepingcomputer.com for all their troubles too! :)
     

Short URL to this thread: https://techguy.org/1031077
