Cannot connect to internet - Error 1075

Xanderos

My computer is forever stuck on "Acquiring Network address". I have tried to go into the services and turn on the DHCP Client; however, I get an Error 1075: The dependency service does not exist or has been marked for deletion, and it will not start. Attached are the logs you wished. Hopefully someone can help out. (Note: This is not the affected computer; the logs are from it, however.) I am running Windows XP Home Edition, SP3. I thank you in advance for the help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:29:14 AM, on 12/13/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\explorer.exe
E:\Tech Forums\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110514120340.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - http://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265431042796
O16 - DPF: {528BF874-2681-4CE3-8C62-AA0D3BC0A719} (McciSysSCM Class) - https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140363995375
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Logitech, Inc. - (no file)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Logitech, Inc. - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10875 bytes



1:27 PM 12/13/2011.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Lynn Bartlo at 13:21:18 on 2011-12-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1151.642 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.net
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110514120340.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: AT&&T Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265431042796
DPF: {528BF874-2681-4CE3-8C62-AA0D3BC0A719} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140363995375
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9714F31A-4912-46C4-9E96-42C50F7C6BEB} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2004-8-25 5632]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-5 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-5 84200]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-11 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-5 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-5 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-5 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-5 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-5 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-5 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-5 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-5 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-5 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-5 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-5 88736]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2005-1-21 6400]
S1 5335319;5335319;\??\c:\windows\system32\drivers\5335319.sys --> c:\windows\system32\drivers\5335319.sys [?]
S2 mrtRate;mrtRate; [x]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\johnba~1\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\johnba~1\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]
S3 DuneNtsc;Pinnacle PCTV Deluxe USB (NTSC) Device;c:\windows\system32\drivers\DuneNtsc.sys [2005-1-21 97408]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-12-12 23624]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-5 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-5 84488]
S3 PinnacleMovieBox;Pinnacle Systems MovieBox USB Device;c:\windows\system32\drivers\PcleMBox.sys [2004-12-13 995456]
.
=============== Created Last 30 ================
.
2011-12-13 13:09:03 -------- dcsha-r- C:\cmdcons
2011-12-13 12:59:44 -------- d-----w- c:\program files\Free Window Registry Repair
2011-12-13 12:58:05 -------- dc----w- c:\documents and settings\lynn bartlo\local settings\application data\Adobe
2011-12-13 12:35:49 -------- d-----w- c:\windows\setup.pss
2011-12-13 01:36:53 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-12-13 01:36:49 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-12-13 01:36:47 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-12-13 01:36:44 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-12-13 01:36:40 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-12-13 01:36:34 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-12-13 01:36:28 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-12-13 01:36:27 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-12-13 01:36:22 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-12-13 01:36:20 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-12-13 01:35:47 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-12-13 01:35:43 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-12-13 01:35:32 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-12-13 01:35:26 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-12-13 01:35:22 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-12-13 01:35:12 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2011-12-13 01:35:11 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2011-12-13 01:35:10 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2011-12-13 01:35:06 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2011-12-13 01:35:02 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2011-12-13 01:35:01 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2011-12-13 01:35:00 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
2011-12-13 01:33:59 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2011-12-13 01:32:57 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2011-12-13 01:32:52 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-12-13 01:32:48 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2011-12-13 01:32:44 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2011-12-13 01:32:40 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2011-12-13 01:32:36 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2011-12-13 01:32:26 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-12-13 01:32:22 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-12-13 01:32:17 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-12-13 01:32:13 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2011-12-13 01:32:09 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-12-13 01:32:05 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-12-13 01:32:00 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-12-13 01:30:55 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-12-13 01:29:57 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2011-12-13 01:29:54 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-12-13 01:29:50 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2011-12-13 01:29:46 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2011-12-13 01:29:41 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-12-13 01:29:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2011-12-13 01:29:28 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-12-13 01:29:22 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2011-12-13 01:29:18 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2011-12-13 01:29:14 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2011-12-13 01:29:10 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-12-13 01:29:06 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2011-12-13 01:29:03 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-12-13 01:27:54 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2011-12-13 01:27:50 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2011-12-13 01:27:46 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2011-12-13 01:27:42 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2011-12-13 01:27:38 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2011-12-13 01:27:37 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2011-12-13 01:27:34 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-12-13 01:27:30 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-12-13 01:27:26 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-12-13 01:27:23 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-12-13 01:27:19 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-12-13 01:27:15 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-12-13 01:27:02 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-12-13 01:25:56 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2011-12-13 01:24:58 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-12-13 01:24:53 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2011-12-13 01:24:49 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2011-12-13 01:24:46 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-12-13 01:24:42 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-12-13 01:24:38 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2011-12-13 01:24:27 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-12-13 01:24:21 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-12-13 01:24:18 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-12-13 01:24:14 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2011-12-13 01:24:11 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-12-13 01:24:00 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2011-12-13 01:22:57 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-12-13 01:21:54 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2011-12-13 01:20:55 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-12-13 01:19:56 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2011-12-13 01:18:55 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-12-13 01:18:47 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-12-13 01:18:46 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-12-13 01:18:30 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-12-13 01:18:27 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-12-13 01:18:25 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-12-13 01:18:15 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-12-13 01:18:12 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-12-13 01:18:06 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-12-13 01:16:59 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2011-12-13 01:16:55 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2011-12-13 01:16:50 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-12-13 01:16:47 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2011-12-13 01:16:44 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2011-12-13 01:16:42 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2011-12-13 01:16:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-12-13 01:16:37 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-12-13 01:16:34 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2011-12-13 01:16:31 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2011-12-13 01:16:28 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-12-13 01:16:27 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-12-13 01:16:00 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2011-12-13 01:14:58 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2011-12-13 01:13:57 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
2011-12-13 01:12:58 126976 -c--a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2011-12-13 01:11:55 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2011-12-13 01:10:55 43008 -c--a-w- c:\windows\system32\dllcache\esucm.dll
2011-12-13 01:09:58 77386 -c--a-w- c:\windows\system32\dllcache\el656nd5.sys
2011-12-13 01:08:59 614429 -c--a-w- c:\windows\system32\dllcache\digiview.exe
2011-12-13 01:07:59 93952 -c--a-w- c:\windows\system32\dllcache\cwcwdm.sys
2011-12-13 01:06:58 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys
2011-12-13 01:05:59 81408 -c--a-w- c:\windows\system32\dllcache\brmfcwia.dll
2011-12-13 01:04:59 26496 -c--a-w- c:\windows\system32\dllcache\asc.sys
2011-12-13 01:04:56 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2011-12-13 01:04:55 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2011-12-13 01:04:54 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2011-12-13 01:04:53 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2011-12-13 01:04:52 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2011-12-13 01:04:52 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2011-12-13 01:04:51 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2011-12-13 01:04:49 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2011-12-13 01:04:48 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2011-12-12 23:10:11 -------- d-----w- c:\program files\CCleaner
2011-12-12 14:58:58 98816 ----a-w- c:\windows\sed.exe
2011-12-12 14:58:58 518144 ----a-w- c:\windows\SWREG.exe
2011-12-12 14:58:58 256000 ----a-w- c:\windows\PEV.exe
2011-12-12 14:58:58 208896 ----a-w- c:\windows\MBR.exe
2011-12-12 14:26:53 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-12 14:26:23 -------- dc----w- c:\documents and settings\all users\application data\Hitman Pro
2011-12-04 17:33:06 -------- dcsh--w- c:\documents and settings\lynn bartlo\IECompatCache
2011-11-25 18:45:17 6668624 -c--a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{6f475825-662e-4b21-8a65-27efd7b35531}\mpengine.dll
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-30 00:12:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-05-06 01:01:02 1277680 ----a-w- c:\program files\couponprinter.exe
.
============= FINISH: 13:22:48.15 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-13 13:16:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6025GAS rev.KA201A
Running: t4vljily.exe; Driver: C:\DOCUME~1\LYNNBA~1\LOCALS~1\Temp\kxroqpow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9F97210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9F97224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9F97250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9F972A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9F971FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9F971D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9F971E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9F9723A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9F9727C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9F97266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9F972D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9F972BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9F97290]
Code \??\C:\DOCUME~1\LYNNBA~1\LOCALS~1\Temp\catchme.sys pIofCallDriver
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 80515AB2 7 Bytes JMP B9F97294 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80572BDF 5 Bytes JMP B9F97200 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 80578AB4 5 Bytes JMP B9F97214 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057A7A9 5 Bytes JMP B9F972C0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057AC21 7 Bytes JMP B9F972AA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 8057F93A 5 Bytes JMP B9F971D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80580088 7 Bytes JMP B9F9726A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8058E8B1 5 Bytes JMP B9F972D4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 80596743 5 Bytes JMP B9F971EC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 805991E8 7 Bytes JMP B9F97254 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 8059A5C9 7 Bytes JMP B9F97228 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetSecurityObject 805E8694 5 Bytes JMP B9F97280 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8065684C 7 Bytes JMP B9F9723E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
init C:\WINDOWS\system32\drivers\tiumflt.sys entry point in "init" section [0xBA4C8E00]
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\LYNNBA~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[576] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00050FE5
.text C:\WINDOWS\system32\services.exe[576] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00050FCA
.text C:\WINDOWS\system32\services.exe[576] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0005000A
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00040F6A
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040069
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040058
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00040047
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00040FA5
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000400A1
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00040F59
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000400BC
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00040F23
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000400CD
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0004002C
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00040084
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00040FCA
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0004001B
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00040F3E
.text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0097001B
.text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0097004A
.text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00970FCA
.text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00970F97
.text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00970FEF
.text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00970FA8
.text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B7, 88] {MOV BH, 0x88}
.text C:\WINDOWS\system32\services.exe[576] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00970FB9
.text C:\WINDOWS\system32\services.exe[576] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070FA3
.text C:\WINDOWS\system32\services.exe[576] msvcrt.dll!system 77C293C7 5 Bytes JMP 00070FB4
.text C:\WINDOWS\system32\services.exe[576] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0007001D
.text C:\WINDOWS\system32\services.exe[576] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[576] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0007002E
.text C:\WINDOWS\system32\services.exe[576] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00070FE3
.text C:\WINDOWS\system32\services.exe[576] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DB0025
.text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DB0014
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DA0F88
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DA007D
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DA0FAF
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DA0062
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DA0051
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DA00BF
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DA00AE
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DA0F48
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DA00E1
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DA0F37
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DA0FCA
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DA001B
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DA0F77
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DA0FE5
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DA002C
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DA00D0
.text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DE0FD1
.text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DE0F9B
.text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DE002C
.text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DE0011
.text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DE0FB6
.text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DE0000
.text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DE0058
.text C:\WINDOWS\system32\lsass.exe[588] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DE003D
.text C:\WINDOWS\system32\lsass.exe[588] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DD0033
.text C:\WINDOWS\system32\lsass.exe[588] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DD0022
.text C:\WINDOWS\system32\lsass.exe[588] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DD0FCD
.text C:\WINDOWS\system32\lsass.exe[588] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\lsass.exe[588] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DD0FBC
.text C:\WINDOWS\system32\lsass.exe[588] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DD0FDE
.text C:\WINDOWS\system32\lsass.exe[588] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FD0FD1
.text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FD0011
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FC000A
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FC006C
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FC005B
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FC0F81
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FC0F9E
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FC0FCA
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FC0F44
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FC0F55
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FC00B8
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FC00A7
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FC0EFA
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FC0FAF
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FC001B
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FC0F66
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FC0036
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FC0FE5
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FC0F29
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02410FB9
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0241006F
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02410FD4
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02410FEF
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0241004A
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02410000
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02410FA8
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [61, 8A]
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0241002F
.text C:\WINDOWS\system32\svchost.exe[768] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF005D
.text C:\WINDOWS\system32\svchost.exe[768] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0FD2
.text C:\WINDOWS\system32\svchost.exe[768] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0027
.text C:\WINDOWS\system32\svchost.exe[768] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[768] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0042
.text C:\WINDOWS\system32\svchost.exe[768] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[768] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BD001B
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC004C
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0F57
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC002F
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC001E
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0F97
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC0F1A
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0F2B
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC0095
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0084
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC00A6
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0F7C
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC0F3C
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0FA8
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0FC3
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC0073
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00FDB
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C0007D
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C0002C
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C00062
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C00047
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C00FC0
.text C:\WINDOWS\system32\svchost.exe[832] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0FB2
.text C:\WINDOWS\system32\svchost.exe[832] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF0FC3
.text C:\WINDOWS\system32\svchost.exe[832] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[832] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF000C
.text C:\WINDOWS\system32\svchost.exe[832] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\svchost.exe[832] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF0029
.text C:\WINDOWS\system32\svchost.exe[832] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0000
.text C:\WINDOWS\System32\svchost.exe[864] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01820000
.text C:\WINDOWS\System32\svchost.exe[864] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01820036
.text C:\WINDOWS\System32\svchost.exe[864] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01820011
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01810FEF
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01810F9E
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01810089
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01810078
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01810FAF
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01810036
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 018100CE
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01810F7C
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01810F3F
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01810F50
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 018100F3
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01810051
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01810FDE
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01810F8D
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0181001B
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0181000A
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01810F6B
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03900FB9
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03900F6B
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03900FCA
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03900FE5
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03900F86
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03900000
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03900F97
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B0, 8B] {MOV AL, 0x8b}
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03900FA8
.text C:\WINDOWS\System32\svchost.exe[864] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 038F0F9C
.text C:\WINDOWS\System32\svchost.exe[864] msvcrt.dll!system 77C293C7 5 Bytes JMP 038F0027
.text C:\WINDOWS\System32\svchost.exe[864] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 038F0FC8
.text C:\WINDOWS\System32\svchost.exe[864] msvcrt.dll!_open 77C2F566 5 Bytes JMP 038F0000
.text C:\WINDOWS\System32\svchost.exe[864] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 038F0FAD
.text C:\WINDOWS\System32\svchost.exe[864] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 038F0FE3
.text C:\WINDOWS\System32\svchost.exe[864] WS2_32.dll!socket 71AB4211 5 Bytes JMP 038E0FEF
.text C:\WINDOWS\System32\svchost.exe[864] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 01830000
.text C:\WINDOWS\System32\svchost.exe[864] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 01830FE5
.text C:\WINDOWS\System32\svchost.exe[864] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 01830FD4
.text C:\WINDOWS\System32\svchost.exe[864] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 01830FC3
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007B0FCD
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007B0FDE
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007A0000
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007A0091
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007A0F9C
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007A0076
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007A0065
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007A004A
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007A00BF
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007A00A2
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007A0F52
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007A00EB
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007A0106
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007A0FC3
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007A0FE5
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007A0F77
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007A0FD4
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007A001B
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007A00DA
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007E0FCA
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007E006C
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007E0011
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007E0FAF
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007E0FEF
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 007E0051
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007E0040
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007D003B
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!system 77C293C7 5 Bytes JMP 007D0FB0
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007D0FD2
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007D0FEF
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007D0FC1
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007D000C
.text C:\WINDOWS\system32\svchost.exe[968] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007C000A
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00640FD1
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00640011
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00630F4B
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00630F5C
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00630040
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0063002F
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0063001E
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00630F09
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00630051
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0063008E
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0063007D
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00630EDA
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00630F97
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00630FD4
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00630F30
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00630FB2
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00630FC3
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00630062
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C6003D
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C60069
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C6002C
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C60011
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C60FAC
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C60000
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C60058
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C60FD1
.text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C50FBC
.text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C50047
.text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C50FDE
.text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C5000C
.text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C50FCD
.text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 0065001B
.text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 0065002C
.text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00660000
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1884] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1884] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1884] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BD0FCA
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0F99
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC008E
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0FB4
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC007D
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC006C
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC00CB
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC00BA
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC0F68
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0101
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC0F57
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0011
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC00A9
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0047
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0036
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC00E6
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB001B
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB0F9E
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB005B
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BB0FB9
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DB, 88]
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB0040
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0FA8
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0033
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0FDE
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0FCD
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] 0x05 0x73 0x21 0xDD ...

---- EOF - GMER 1.0.15 ----
 
