Computer is running slow and internet

Discussion in 'Virus & Other Malware Removal' started by dneighbor, Jan 2, 2011.

Thread Status:
Not open for further replies.
  1. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    This laptop is running really slow, and when I go to IE it loads, but as soon as it does it closes.
     
  2. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Pastor Carl Cutlip at 15:28:32.90 on Sun 01/02/2011
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3001.1483 [GMT -5:00]

    AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\atashost.exe
    C:\Program Files\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdqserv.exe
    C:\Windows\system32\lxdqcoms.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\BarDiscover\bardiscover.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/?r0=1290729241
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0409&m=aspire_5810t
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0409&m=aspire_5810t
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0409&m=aspire_5810t
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: ShoppingReport: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shoppingreport\bin\2.6.79\ShoppingReport.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\program files\mcafee\msk\MskAPBho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Hotbar: {90b8b761-df2b-48ac-bbe0-bcc03a819b3b} - c:\program files\hotbar\bin\11.0.175.0\HostIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Hotbar: {90b8b761-df2b-48ac-bbe0-bcc03a819b3b} - c:\program files\hotbar\bin\11.0.175.0\HostIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: Hotbar Information Window: {2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} - c:\program files\hotbar\bin\11.0.175.0\HostIE.dll
    EB: ShopperReports: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shoppingreport\bin\2.6.79\ShoppingReport.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [WeatherDPA] "c:\program files\hotbar\bin\11.0.175.0\Weather.exe" -auto
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
    mRun: [ODDPwr] "c:\program files\acer\optical drive power management\ODDPwr.exe"
    mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
    mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
    mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
    mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
    mRun: [lxdqmon.exe] "c:\program files\lexmark z2400 series\lxdqmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark z2400 series\ezprint.exe"
    mRun: [HotbarSA] "c:\program files\hotbar\bin\11.0.175.0\HotbarSA.exe"
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shoppingreport\bin\2.6.79\ShoppingReport.dll
    IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shoppingreport\bin\2.6.79\ShoppingReport.dll
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\pastor~1\appdata\roaming\mozilla\firefox\profiles\woshqljj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?r0=1290729241
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\hotbar\bin\11.0.175.0\firefox\extensions\plugins\npclntax_HotbarSA.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: BarDiscover: {AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7} - c:\program files\mozilla firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Hotbar Component: [email protected] - c:\program files\hotbar\bin\11.0.175.0\firefox\extensions

    ============= SERVICES / DRIVERS ===============

    R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
    R? gupdate;Google Update Service (gupdate)
    R? mferkdk;McAfee Inc. mferkdk
    R? NTIBackupSvc;NTI Backup Now 5 Backup Service
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    S? atashost;WebEx Service Host for Support Center
    S? BarDiscover Service;BarDiscover Service
    S? DsiWMIService;Dritek WMI Service
    S? ePowerSvc;Acer ePower Service
    S? IntcHdmiAddService;Intel(R) High Definition Audio HDMI
    S? L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller
    S? lxdq_device;lxdq_device
    S? lxdqCATSCustConnectService;lxdqCATSCustConnectService
    S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
    S? McProxy;McAfee Proxy Service
    S? McShield;McAfee Real-time Scanner
    S? McSysmon;McAfee SystemGuards
    S? mfeavfk;McAfee Inc. mfeavfk
    S? mfebopk;McAfee Inc. mfebopk
    S? mfehidk;McAfee Inc. mfehidk
    S? mfesmfk;McAfee Inc. mfesmfk
    S? mwlPSDFilter;mwlPSDFilter
    S? mwlPSDNServ;mwlPSDNServ
    S? mwlPSDVDisk;mwlPSDVDisk
    S? MWLService;MyWinLocker Service
    S? NTI IScheduleSvc;NTI IScheduleSvc
    S? NTISchedulerSvc;NTI Backup Now 5 Scheduler Service
    S? ODDPwrSvc;Acer ODD Power Service
    S? RS_Service;Raw Socket Service

    =============== Created Last 30 ================

    2011-01-02 20:25:59 388096 ----a-r- c:\users\pastor~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-02 20:25:55 -------- d-----w- c:\program files\Trend Micro
    2010-12-26 01:35:12 -------- d-----w- c:\program files\Linksys
    2010-12-26 01:34:31 -------- d-----w- c:\program files\Pure Networks
    2010-12-26 01:34:13 76184 ----a-w- c:\windows\system32\atsckernel.exe
    2010-12-26 01:34:12 20376 ----a-w- c:\windows\system32\atashost.exe
    2010-12-26 01:34:06 -------- d-----w- c:\progra~2\webex
    2010-12-26 01:34:03 8892928 ----a-w- c:\progra~2\atscie.msi
    2010-12-26 01:32:30 24880 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2010-12-26 01:31:47 26416 ----a-w- c:\windows\system32\drivers\purendis.sys
    2010-12-26 01:31:43 -------- d-----w- c:\program files\common files\Pure Networks Shared
    2010-12-26 01:31:30 -------- d-----w- c:\progra~2\Pure Networks
    2010-12-10 21:40:02 -------- d-----w- c:\windows\system32\EventProviders
    2010-12-10 00:50:24 51964 ----a-w- c:\progra~2\SPL1E68.tmp
    2010-12-07 23:55:16 51964 ----a-w- c:\progra~2\SPLBF1.tmp
    2010-12-05 18:49:27 51964 ----a-w- c:\progra~2\SPL721.tmp

    ==================== Find3M ====================

    2010-12-01 15:32:56 51964 ----a-w- c:\progra~2\SPL6328.tmp

    ============= FINISH: 15:30:37.49 ===============
     
  3. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    • attack file
     

    Attached Files:

  4. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-02 22:08:54
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
    Running: d1cuoyzw.exe; Driver: C:\Users\PASTOR~1\AppData\Local\Temp\ufrdiuob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8EFAA2CE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8EFAA268]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8EFAA27C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8EFAA30C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8EFAA34F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8EFAA240]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8EFAA254]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8EFAA2E2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8EFAA377]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8EFAA363]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8EFAA2BA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8EFAA2A6]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8EFAA33B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8EFAA322]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8EFAA2F8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8EFAA292]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 820771C0 5 Bytes JMP 8EFAA2FC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwNotifyChangeKey 822111AD 5 Bytes JMP 8EFAA353 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateUserProcess 82218E06 5 Bytes JMP 8EFAA296 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 82232FBC 5 Bytes JMP 8EFAA33F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 82252246 5 Bytes JMP 8EFAA258 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 82261BBE 5 Bytes JMP 8EFAA244 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 8227480E 7 Bytes JMP 8EFAA310 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82274E65 5 Bytes JMP 8EFAA326 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtCreateFile 82277076 5 Bytes JMP 8EFAA2D2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetInformationProcess 82284734 5 Bytes JMP 8EFAA2AA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 8228698E 7 Bytes JMP 8EFAA2E6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRestoreKey 822A5552 5 Bytes JMP 8EFAA367 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwReplaceKey 822A659E 5 Bytes JMP 8EFAA37B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcess 822E431D 5 Bytes JMP 8EFAA26C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 822E4368 7 Bytes JMP 8EFAA280 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetContextThread 822E4E23 5 Bytes JMP 8EFAA2BE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- User code sections - GMER 1.0.15 ----

    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[540] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[540] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Windows\system32\services.exe[628] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 001B0F4D
    .text C:\Windows\system32\services.exe[628] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 001B009D
    .text C:\Windows\system32\services.exe[628] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 001B0F21
    .text C:\Windows\system32\services.exe[628] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 001B00AE
    .text C:\Windows\system32\services.exe[628] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 001B005D
    .text C:\Windows\system32\services.exe[628] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 001B0036
    .text C:\Windows\system32\services.exe[628] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 001B0F83
    .text C:\Windows\system32\services.exe[628] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 001B0FAF
    .text C:\Windows\system32\services.exe[628] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 001B0F72
    .text C:\Windows\system32\services.exe[628] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 001B0F94
    .text C:\Windows\system32\services.exe[628] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 001B0FCA
    .text C:\Windows\system32\services.exe[628] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 001B0082
    .text C:\Windows\system32\services.exe[628] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 001B00DD
    .text C:\Windows\system32\services.exe[628] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 001B0FE5
    .text C:\Windows\system32\services.exe[628] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 001B0000
    .text C:\Windows\system32\services.exe[628] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 001B0025
    .text C:\Windows\system32\services.exe[628] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 001B0F3C
    .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00790F8D
    .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00790FC3
    .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00790FEF
    .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00790FA8
    .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 0079004A
    .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00790014
    .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00790FDE
    .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00790025
    .text C:\Windows\system32\services.exe[628] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 007A0038
    .text C:\Windows\system32\services.exe[628] msvcrt.dll!system 771F8B63 5 Bytes JMP 007A0027
    .text C:\Windows\system32\services.exe[628] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 007A0FD2
    .text C:\Windows\system32\services.exe[628] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 007A0FEF
    .text C:\Windows\system32\services.exe[628] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 007A0FB7
    .text C:\Windows\system32\services.exe[628] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 007A000C
    .text C:\Windows\system32\services.exe[628] WS2_32.dll!socket 776036D1 5 Bytes JMP 007F0000
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 00110F51
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 00110097
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 00110F1B
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 001100B2
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 0011005A
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 00110FCA
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 00110049
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 00110F9B
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 00110075
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 00110F80
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 0011002C
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 00110086
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 001100CD
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 00110011
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 00110000
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 00110FDB
    .text C:\Windows\system32\lsass.exe[644] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 00110F40
    .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 0012005B
    .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 0012004A
    .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00120000
    .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00120FB9
    .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00120FA8
    .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 0012002F
    .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00120FEF
    .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00120FDE
    .text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 00130F86
    .text C:\Windows\system32\lsass.exe[644] msvcrt.dll!system 771F8B63 5 Bytes JMP 00130011
    .text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 00130FB5
    .text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 00130FE3
    .text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 00130000
    .text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 00130FD2
    .text C:\Windows\system32\lsass.exe[644] WS2_32.dll!socket 776036D1 5 Bytes JMP 00290FEF
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 001900C4
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 001900A9
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 00190104
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 001900F3
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 00190098
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 00190FD4
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 00190087
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 0019005B
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 00190FA3
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 00190076
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 00190040
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 00190F7E
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 00190115
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 00190025
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 00190000
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 00190FE5
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 00190F6D
    .text C:\Windows\system32\svchost.exe[848] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 00300F9C
    .text C:\Windows\system32\svchost.exe[848] msvcrt.dll!system 771F8B63 5 Bytes JMP 00300FB7
    .text C:\Windows\system32\svchost.exe[848] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 0030001D
    .text C:\Windows\system32\svchost.exe[848] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 00300FEF
    .text C:\Windows\system32\svchost.exe[848] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 00300FC8
    .text C:\Windows\system32\svchost.exe[848] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 0030000C
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 002F0FD4
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 002F005B
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 002F0000
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 002F0076
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 002F0FC3
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 002F002C
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 002F0011
    .text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 002F0FE5
    .text C:\Windows\system32\svchost.exe[848] WS2_32.dll!socket 776036D1 5 Bytes JMP 00310000
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 001C00B6
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 001C009B
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 001C00EC
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 001C00D1
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 001C0F92
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 001C001B
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 001C006C
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 001C0040
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 001C0F81
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 001C005B
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 001C0FB9
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 001C0F66
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 001C0111
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 001C000A
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 001C0FEF
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 001C0FCA
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 001C0F55
    .text C:\Windows\system32\svchost.exe[912] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 00880FB2
    .text C:\Windows\system32\svchost.exe[912] msvcrt.dll!system 771F8B63 5 Bytes JMP 0088003D
    .text C:\Windows\system32\svchost.exe[912] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 00880011
    .text C:\Windows\system32\svchost.exe[912] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 00880000
    .text C:\Windows\system32\svchost.exe[912] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 0088002C
    .text C:\Windows\system32\svchost.exe[912] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 00880FE3
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00870FB2
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 0087004A
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00870FEF
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00870FC3
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 0087006F
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00870014
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 3 Bytes JMP 00870FDE
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyW + 4 76FB3CB4 1 Byte [89]
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 3 Bytes JMP 0087002F
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyExW + 4 76FBF0A1 1 Byte [89]
    .text C:\Windows\system32\svchost.exe[912] WS2_32.dll!socket 776036D1 5 Bytes JMP 008D0000
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 008E0F68
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 008E00A4
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 008E0F4D
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 008E00E4
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 008E006E
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 008E001B
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 008E0053
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 008E0FA5
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 008E0089
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 008E0F8A
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 008E0036
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 008E0F79
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 008E0F32
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 008E000A
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 008E0FEF
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 008E0FCA
    .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 008E00C9
    .text C:\Windows\System32\svchost.exe[1040] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 009D0055
    .text C:\Windows\System32\svchost.exe[1040] msvcrt.dll!system 771F8B63 5 Bytes JMP 009D0044
    .text C:\Windows\System32\svchost.exe[1040] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 009D0FDE
    .text C:\Windows\System32\svchost.exe[1040] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 009D000C
    .text C:\Windows\System32\svchost.exe[1040] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 009D0033
    .text C:\Windows\System32\svchost.exe[1040] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 009D0FEF
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 009B0FB9
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 009B005B
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 009B0000
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 009B0FD4
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 009B0F9E
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 009B0036
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 009B001B
    .text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 009B0FEF
    .text C:\Windows\System32\svchost.exe[1040] WS2_32.dll!socket 776036D1 5 Bytes JMP 00A20FEF
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 00A10098
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 00A1007D
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 00A100DF
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 00A100CE
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 00A10F77
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 00A10FDB
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 00A10F88
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 00A10FB6
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 00A10F52
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 00A10FA5
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 00A1003D
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 00A1006C
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 00A10F23
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 00A10011
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 00A10000
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 00A10022
    .text C:\Windows\System32\svchost.exe[1132] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 00A100A9
    .text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 00DC0055
    .text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!system 771F8B63 5 Bytes JMP 00DC0044
    .text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 00DC0029
    .text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 00DC0FEF
    .text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 00DC0FCA
    .text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 00DC0018
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00DB0073
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00DB0051
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00DB0000
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00DB0062
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00DB0084
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00DB0025
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00DB0FE5
    .text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00DB0040
    .text C:\Windows\System32\svchost.exe[1132] WS2_32.dll!socket 776036D1 5 Bytes JMP 00DE0FEF
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 009C0F32
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 009C0F43
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 009C0F06
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 009C009D
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 009C006E
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 009C0011
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 009C0047
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 009C0FA5
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 009C0F79
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 009C0F94
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 009C002C
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 009C0F68
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 009C0EF5
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 009C0FD4
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 009C0FEF
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 009C0000
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 009C0F21
    .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 00D80F90
    .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!system 771F8B63 5 Bytes JMP 00D80FA1
    .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 00D80011
    .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 00D80FEF
    .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 00D80FBC
    .text C:\Windows\system32\svchost.exe[1148] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 00D80000
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00D70F8A
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00D70FAF
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00D70000
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00D70036
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00D70F79
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00D70FDB
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00D70011
    .text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00D70FCA
    .text C:\Windows\system32\svchost.exe[1148] WS2_32.dll!socket 776036D1 5 Bytes JMP 00DA0000
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 001D0067
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 001D0056
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 001D0EEB
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 001D0078
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 001D0F6B
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 001D0FC3
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 001D0F7C
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 001D0FA8
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 001D0F50
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 001D0F97
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 001D002F
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 001D0F35
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 001D0093
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 001D000A
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 001D0FEF
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 001D0FDE
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 001D0EFC
    .text C:\Windows\system32\svchost.exe[1236] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 001F006B
    .text C:\Windows\system32\svchost.exe[1236] msvcrt.dll!system 771F8B63 5 Bytes JMP 001F005A
    .text C:\Windows\system32\svchost.exe[1236] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 001F002E
    .text C:\Windows\system32\svchost.exe[1236] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 001F0000
    .text C:\Windows\system32\svchost.exe[1236] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 001F003F
    .text C:\Windows\system32\svchost.exe[1236] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 001F001D
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 001E0062
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 001E0036
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 001E0000
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 001E0047
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 001E0FA5
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 001E0FC0
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 001E0FDB
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 001E001B
    .text C:\Windows\system32\svchost.exe[1236] WS2_32.dll!socket 776036D1 5 Bytes JMP 00350000
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 00920098
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 00920087
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 00920F01
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 00920F1C
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 00920040
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 00920FC3
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 00920F72
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 00920F94
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 0092005B
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 00920F83
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 00920025
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 0092006C
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 009200BD
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 00920014
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 00920FEF
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 00920FDE
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 00920F37
    .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 00940047
    .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!system 771F8B63 5 Bytes JMP 0094002C
    .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 00940FC6
    .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 00940000
    .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 0094001B
    .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 00940FE3
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00930062
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00930047
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00930000
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00930FC0
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 0093007D
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 0093002C
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00930011
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00930FDB
    .text C:\Windows\system32\svchost.exe[1296] WS2_32.dll!socket 776036D1 5 Bytes JMP 00990000
    .text C:\Windows\system32\svchost.exe[1296] WinInet.dll!InternetOpenA 7792D690 5 Bytes JMP 00DF0FEF
    .text C:\Windows\system32\svchost.exe[1296] WinInet.dll!InternetOpenW 7792DB09 5 Bytes JMP 00DF000A
    .text C:\Windows\system32\svchost.exe[1296] WinInet.dll!InternetOpenUrlA 7792F3A4 5 Bytes JMP 00DF001B
    .text C:\Windows\system32\svchost.exe[1296] WinInet.dll!InternetOpenUrlW 77976D5F 5 Bytes JMP 00DF002C
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 006A00AF
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 006A0F69
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 006A00D1
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 006A00C0
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 006A0F95
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 006A0040
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 006A006F
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 006A0FCD
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 006A0094
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 006A0FB2
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 006A0FDE
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 006A0F7A
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 006A0F1F
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 006A0FEF
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 006A0000
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 006A002F
    .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 006A0F4E
    .text C:\Windows\system32\svchost.exe[1456] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 008B0F9C
    .text C:\Windows\system32\svchost.exe[1456] msvcrt.dll!system 771F8B63 5 Bytes JMP 008B0027
    .text C:\Windows\system32\svchost.exe[1456] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 008B0FD2
    .text C:\Windows\system32\svchost.exe[1456] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 008B000C
    .text C:\Windows\system32\svchost.exe[1456] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 008B0FB7
    .text C:\Windows\system32\svchost.exe[1456] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 008B0FE3
    .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 006B0F9E
    .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 006B0040
    .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 006B0000
    .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 006B0FB9
    .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 006B0F79
    .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 006B0FEF
    .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 006B0025
    .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 006B0FDE
    .text C:\Windows\system32\svchost.exe[1456] WS2_32.dll!socket 776036D1 5 Bytes JMP 00900FEF
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 009C0F59
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 009C009F
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 009C0F37
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 009C0F48
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 009C004E
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 009C001B
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 009C003D
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 009C0F9B
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 009C0069
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 009C0F8A
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 009C002C
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 009C0084
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 009C00F3
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 009C0000
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 009C0FE5
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 009C0FCA
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 009C00BA
    .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 00A20FDB
    .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!system 771F8B63 5 Bytes JMP 00A20066
    .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 00A2003A
    .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 00A20000
    .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 00A2004B
    .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 00A2001D
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00A10F7C
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00A1001E
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00A10FE5
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00A10F8D
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00A10F61
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00A10FC3
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00A10FD4
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00A10FB2
    .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!socket 776036D1 5 Bytes JMP 00A30000
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 008C0F3C
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 008C0082
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 008C00B8
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 008C00A7
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 008C0F5E
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 008C0FAF
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 008C0F79
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 008C002C
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 008C005D
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 008C0F8A
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 008C001B
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 008C0F4D
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 008C0EFC
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 008C0FD4
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 008C0FEF
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 008C000A
    .text C:\Windows\system32\svchost.exe[2132] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 008C0F21
    .text C:\Windows\system32\svchost.exe[2132] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 008E0047
    .text C:\Windows\system32\svchost.exe[2132] msvcrt.dll!system 771F8B63 5 Bytes JMP 008E002C
    .text C:\Windows\system32\svchost.exe[2132] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 008E0011
    .text C:\Windows\system32\svchost.exe[2132] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 008E0FE3
    .text C:\Windows\system32\svchost.exe[2132] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 008E0FC6
    .text C:\Windows\system32\svchost.exe[2132] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 008E0000
    .text C:\Windows\system32\svchost.exe[2132] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 008D0040
    .text C:\Windows\system32\svchost.exe[2132] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 008D0014
    .text C:\Windows\system32\svchost.exe[2132] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 008D0FEF
    .text C:\Windows\system32\svchost.exe[2132] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 008D002F
    .text C:\Windows\system32\svchost.exe[2132] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 008D0051
    .text C:\Windows\system32\svchost.exe[2132] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 008D0FC3
    .text C:\Windows\system32\svchost.exe[2132] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 008D0FDE
    .text C:\Windows\system32\svchost.exe[2132] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 008D0FB2
    .text C:\Windows\system32\svchost.exe[2132] WS2_32.dll!socket 776036D1 5 Bytes JMP 008F0000
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 00850F3C
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 00850F57
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 008500C2
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 00850F21
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 00850F8A
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 00850036
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 0085006E
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 00850051
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 00850F79
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 00850FAF
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 00850FCA
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 00850F68
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 008500D3
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 00850000
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 00850FEF
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 0085001B
    .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 0085009D
    .text C:\Windows\system32\svchost.exe[2388] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 008A005A
    .text C:\Windows\system32\svchost.exe[2388] msvcrt.dll!system 771F8B63 5 Bytes JMP 008A0049
    .text C:\Windows\system32\svchost.exe[2388] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 008A001D
    .text C:\Windows\system32\svchost.exe[2388] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 008A0FEF
    .text C:\Windows\system32\svchost.exe[2388] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 008A002E
    .text C:\Windows\system32\svchost.exe[2388] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 008A000C
    .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00890039
    .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00890FA8
    .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00890000
    .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00890F97
    .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00890054
    .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00890FD4
    .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00890FEF
    .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00890FC3
    .text C:\Windows\system32\svchost.exe[2388] WS2_32.dll!socket 776036D1 5 Bytes JMP 008B0FEF
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 00020F79
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 000200BF
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 000200DA
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 00020F43
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 00020093
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 00020FD4
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 00020FAF
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 00020047
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 00020F9E
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 00020062
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 00020036
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 000200AE
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 000200EB
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 00020FEF
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 00020000
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 00020025
    .text C:\Windows\System32\svchost.exe[2452] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 00020F5E
    .text C:\Windows\System32\svchost.exe[2452] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 00060FB7
    .text C:\Windows\System32\svchost.exe[2452] msvcrt.dll!system 771F8B63 5 Bytes JMP 00060042
    .text C:\Windows\System32\svchost.exe[2452] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 00060027
    .text C:\Windows\System32\svchost.exe[2452] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 00060FE3
    .text C:\Windows\System32\svchost.exe[2452] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 00060FD2
    .text C:\Windows\System32\svchost.exe[2452] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 00060000
    .text C:\Windows\System32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00050FDB
    .text C:\Windows\System32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00050062
    .text C:\Windows\System32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 0005000A
    .text C:\Windows\System32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00050073
    .text C:\Windows\System32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00050FC0
    .text C:\Windows\System32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00050036
    .text C:\Windows\System32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 0005001B
    .text C:\Windows\System32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00050047
    .text C:\Windows\System32\svchost.exe[2452] WS2_32.dll!socket 776036D1 5 Bytes JMP 000C000A
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 00010F5E
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 00010F6F
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 00010F4D
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 000100E4
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 0001006E
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 00010FC3
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 00010F94
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 00010040
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 00010089
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 00010051
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 0001002F
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 0001009A
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 000100F5
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 00010FD4
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 00010FE5
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 0001000A
    .text C:\Windows\Explorer.EXE[2876] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 000100C9
    .text C:\Windows\Explorer.EXE[2876] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00050047
    .text C:\Windows\Explorer.EXE[2876] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00050036
    .text C:\Windows\Explorer.EXE[2876] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00050FE5
    .text C:\Windows\Explorer.EXE[2876] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00050FA5
    .text C:\Windows\Explorer.EXE[2876] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00050F94
    .text C:\Windows\Explorer.EXE[2876] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00050000
    .text C:\Windows\Explorer.EXE[2876] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00050FD4
    .text C:\Windows\Explorer.EXE[2876] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 0005001B
    .text C:\Windows\Explorer.EXE[2876] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 00060FC5
    .text C:\Windows\Explorer.EXE[2876] msvcrt.dll!system 771F8B63 5 Bytes JMP 0006005A
    .text C:\Windows\Explorer.EXE[2876] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 0006002E
    .text C:\Windows\Explorer.EXE[2876] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 0006000C
    .text C:\Windows\Explorer.EXE[2876] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 00060049
    .text C:\Windows\Explorer.EXE[2876] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 0006001D
    .text C:\Windows\Explorer.EXE[2876] WININET.dll!InternetOpenA 7792D690 5 Bytes JMP 01DC0FEF
    .text C:\Windows\Explorer.EXE[2876] WININET.dll!InternetOpenW 7792DB09 5 Bytes JMP 01DC000A
    .text C:\Windows\Explorer.EXE[2876] WININET.dll!InternetOpenUrlA 7792F3A4 5 Bytes JMP 01DC0FCA
    .text C:\Windows\Explorer.EXE[2876] WININET.dll!InternetOpenUrlW 77976D5F 5 Bytes JMP 01DC0FAF
    .text C:\Windows\Explorer.EXE[2876] WS2_32.dll!socket 776036D1 5 Bytes JMP 01DD000A
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!GetStartupInfoW 76251929 5 Bytes JMP 00010F5A
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!GetStartupInfoA 762519C9 5 Bytes JMP 00010F6B
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!CreateProcessW 76251C01 5 Bytes JMP 00010F2E
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!CreateProcessA 76251C36 5 Bytes JMP 000100C5
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!VirtualProtect 76251DD1 5 Bytes JMP 00010082
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!CreateNamedPipeW 76255C44 5 Bytes JMP 0001004A
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!LoadLibraryExW 762730C3 5 Bytes JMP 00010FA8
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!LoadLibraryW 7627361F 5 Bytes JMP 00010FC3
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!VirtualProtectEx 76278D7E 5 Bytes JMP 00010F8D
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!LoadLibraryExA 76279469 5 Bytes JMP 00010065
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!LoadLibraryA 76279491 5 Bytes JMP 00010FD4
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!CreatePipe 76280284 5 Bytes JMP 00010F7C
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!GetProcAddress 7629B8B6 5 Bytes JMP 000100E0
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!CreateFileW 7629CC4E 5 Bytes JMP 0001000A
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!CreateFileA 7629CF71 5 Bytes JMP 00010FEF
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!CreateNamedPipeA 762E430E 5 Bytes JMP 00010025
    .text C:\Windows\system32\wuauclt.exe[3428] kernel32.dll!WinExec 762E54FF 5 Bytes JMP 00010F49
    .text C:\Windows\system32\wuauclt.exe[3428] msvcrt.dll!_wsystem 771F8A47 5 Bytes JMP 00060049
    .text C:\Windows\system32\wuauclt.exe[3428] msvcrt.dll!system 771F8B63 5 Bytes JMP 00060FB4
    .text C:\Windows\system32\wuauclt.exe[3428] msvcrt.dll!_creat 771FC6F1 5 Bytes JMP 0006001D
    .text C:\Windows\system32\wuauclt.exe[3428] msvcrt.dll!_open 771FDA7E 5 Bytes JMP 00060FEF
    .text C:\Windows\system32\wuauclt.exe[3428] msvcrt.dll!_wcreat 771FDC9E 5 Bytes JMP 0006002E
    .text C:\Windows\system32\wuauclt.exe[3428] msvcrt.dll!_wopen 771FDE79 5 Bytes JMP 00060000
    .text C:\Windows\system32\wuauclt.exe[3428] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00070F97
    .text C:\Windows\system32\wuauclt.exe[3428] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00070FC3
    .text C:\Windows\system32\wuauclt.exe[3428] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00070FEF
    .text C:\Windows\system32\wuauclt.exe[3428] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00070FA8
    .text C:\Windows\system32\wuauclt.exe[3428] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00070F7C
    .text C:\Windows\system32\wuauclt.exe[3428] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00070FDE
    .text C:\Windows\system32\wuauclt.exe[3428] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 0007000A
    .text C:\Windows\system32\wuauclt.exe[3428] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 0007002F
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5744] ntdll.dll!LdrLoadDll 77A17933 5 Bytes JMP 008713F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.)
    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\[email protected] C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report0db244dc

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\Temp\mcmsc_6uGK3ea8kQpim2o 0 bytes
    File C:\Windows\Temp\mcmsc_lyGSCtNTBgLDXXt 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  5. dneighbor

    dneighbor Thread Starter

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:40:52 PM, on 1/2/2011
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18975)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\igfxsrvc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Carbonite\CarbonitePreinstaller.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Lexmark Z2400 Series\ezprint.exe
    C:\Program Files\Hotbar\bin\11.0.175.0\HotbarSA.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hotbar\bin\11.0.175.0\Weather.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Pastor Carl Cutlip\Downloads\HijackThis(2).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0409&m=aspire_5810t
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?r0=1290729241
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0409&m=aspire_5810t
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0409&m=aspire_5810t
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\MskAPBho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\11.0.175.0\HostIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\11.0.175.0\HostIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
    O4 - HKLM\..\Run: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
    O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Z2400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\11.0.175.0\HotbarSA.exe"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\11.0.175.0\Weather.exe" -auto
    O4 - Global Startup: Acer VCM.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
    O23 - Service: BarDiscover Service - Unknown owner - C:\ProgramData\BarDiscover\bardiscover159.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe
    O23 - Service: lxdq_device - - C:\Windows\system32\lxdqcoms.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

    --
    End of file - 12609 bytes
     
  6. dneighbor

    dneighbor Thread Starter

    Had to do a system restore so here is an updated set of reports
     
  7. dneighbor

    dneighbor Thread Starter

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:46:16 AM, on 1/5/2011
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18999)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Carbonite\CarbonitePreinstaller.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Lexmark Z2400 Series\ezprint.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0409&m=aspire_5810t
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?r0=1290729241
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0409&m=aspire_5810t
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0409&m=aspire_5810t
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\MskAPBho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
    O4 - HKLM\..\Run: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
    O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Z2400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Acer VCM.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe
    O23 - Service: lxdq_device - - C:\Windows\system32\lxdqcoms.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

    --
    End of file - 11561 bytes
     
  8. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Pastor Carl Cutlip at 10:48:04.17 on Wed 01/05/2011
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3001.1604 [GMT -5:00]

    AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\atashost.exe
    C:\Program Files\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdqserv.exe
    C:\Windows\system32\lxdqcoms.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Carbonite\CarbonitePreinstaller.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Lexmark Z2400 Series\ezprint.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
    C:\Windows\system32\igfxext.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Pastor Carl Cutlip\Downloads\dds(2).scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/?r0=1290729241
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0409&m=aspire_5810t
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0409&m=aspire_5810t
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0409&m=aspire_5810t
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\program files\mcafee\msk\MskAPBho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
    mRun: [ODDPwr] "c:\program files\acer\optical drive power management\ODDPwr.exe"
    mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
    mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
    mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
    mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
    mRun: [lxdqmon.exe] "c:\program files\lexmark z2400 series\lxdqmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark z2400 series\ezprint.exe"
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\pastor~1\appdata\roaming\mozilla\firefox\profiles\woshqljj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?r0=1290729241
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    P2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-8 144704]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-8 212968]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-12-25 20376]
    R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2009-4-28 117256]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2009-4-28 703008]
    R2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]
    R2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdqserv.exe [2008-2-27 98984]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-8 93320]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-8 359248]
    R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-9 19504]
    R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-9 16432]
    R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-9 59952]
    R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-27 306736]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-1 54528]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\acer\optical drive power management\ODDPWRSvc.exe [2009-4-28 114688]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-4-28 237568]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-28 112128]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-3-31 49664]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-8 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-8 79272]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-8 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-8 40488]
    S2 0014211294242308mcinstcleanup;McAfee Application Installer Cleanup (0014211294242308);c:\windows\temp\001421~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\001421~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-26 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-10-7 30192]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-8 34216]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-01-05 01:10:33 -------- d-----w- c:\program files\ESET
    2011-01-05 00:29:03 -------- d-----w- c:\program files\Microsoft ATS
    2011-01-04 17:40:50 -------- d-----w- c:\users\pastor carl cutlip\Option
    2011-01-04 15:30:23 -------- d-----w- c:\users\pastor~1\appdata\roaming\ParetoLogic
    2011-01-04 15:30:23 -------- d-----w- c:\users\pastor~1\appdata\roaming\DriverCure
    2011-01-04 15:30:04 -------- d-----w- c:\progra~2\ParetoLogic
    2011-01-03 18:06:33 -------- d-----w- c:\program files\CCleaner
    2011-01-03 12:56:03 -------- d-----w- c:\users\pastor~1\appdata\roaming\Malwarebytes
    2011-01-03 12:55:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-03 12:55:51 -------- d-----w- c:\progra~2\Malwarebytes
    2011-01-03 12:55:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-03 12:55:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-03 03:34:16 388096 ----a-r- c:\users\pastor~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-03 03:34:14 -------- d-----w- c:\program files\Trend Micro
    2011-01-02 20:44:51 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2010-12-26 01:35:12 -------- d-----w- c:\program files\Linksys
    2010-12-26 01:34:31 -------- d-----w- c:\program files\Pure Networks
    2010-12-26 01:34:13 76184 ----a-w- c:\windows\system32\atsckernel.exe
    2010-12-26 01:34:12 20376 ----a-w- c:\windows\system32\atashost.exe
    2010-12-26 01:34:06 -------- d-----w- c:\progra~2\webex
    2010-12-26 01:34:03 8892928 ----a-w- c:\progra~2\atscie.msi
    2010-12-26 01:32:30 24880 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2010-12-26 01:31:47 26416 ----a-w- c:\windows\system32\drivers\purendis.sys
    2010-12-26 01:31:43 -------- d-----w- c:\program files\common files\Pure Networks Shared
    2010-12-26 01:31:30 -------- d-----w- c:\progra~2\Pure Networks
    2010-12-10 21:40:02 -------- d-----w- c:\windows\system32\EventProviders
    2010-12-10 00:50:24 51964 ----a-w- c:\progra~2\SPL1E68.tmp
    2010-12-07 23:55:16 51964 ----a-w- c:\progra~2\SPLBF1.tmp

    ==================== Find3M ====================

    2010-12-05 18:49:27 51964 ----a-w- c:\progra~2\SPL721.tmp
    2010-12-01 15:32:56 51964 ----a-w- c:\progra~2\SPL6328.tmp
    2010-11-06 11:10:29 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-06 11:10:13 357376 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-06 11:10:13 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-06 11:09:57 603648 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-05 00:53:47 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-28 15:02:24 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:03:07 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 12:56:58 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-18 14:01:05 81920 ----a-w- c:\windows\system32\consent.exe
    2010-10-18 13:56:44 2037248 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 10:49:50.74 ===============
     
  9. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-05 11:24:39
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
    Running: k9lxb208.exe; Driver: C:\Users\PASTOR~1\AppData\Local\Temp\ufrdiuob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8EBB5268]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8EBB527C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8EBB52CE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8EBB5240]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8EBB5254]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8EBB52F6]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8EBB52E2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8EBB52BA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8EBB52A6]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8EBB522C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8EBB5292]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwNotifyChangeKey 821F51AD 5 Bytes JMP 8EBB52D2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateUserProcess 821FCE06 5 Bytes JMP 8EBB5296 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 82216FBC 5 Bytes JMP 8EBB5230 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 82236246 5 Bytes JMP 8EBB5258 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 82245BBE 5 Bytes JMP 8EBB5244 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetInformationProcess 82268734 5 Bytes JMP 8EBB52AA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRestoreKey 82289552 5 Bytes JMP 8EBB52E6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwReplaceKey 8228A59E 5 Bytes JMP 8EBB52FA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcess 822C831D 5 Bytes JMP 8EBB526C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 822C8368 7 Bytes JMP 8EBB5280 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetContextThread 822C8E23 5 Bytes JMP 8EBB52BE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    ? C:\Users\PASTOR~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[488] kernel32.dll!LoadLibraryW 776D361F 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[488] kernel32.dll!LoadLibraryA 776D9491 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Windows\Explorer.EXE[2344] SHELL32.dll!InitNetworkAddressControl + 2939 76760064 4 Bytes [B0, 22, 7C, 01] {MOV AL, 0x22; JL 0x5}
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3492] ntdll.dll!LdrLoadDll 77C47933 5 Bytes JMP 010913F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\[email protected]ror -2146498538

    ---- EOF - GMER 1.0.15 ----
     
  10. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    Attach File
     

    Attached Files:

  11. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    Now I am having trouble with booting up the system. Seems very unstable
     
Short URL to this thread: https://techguy.org/972297
