
help with almost unusable computer!

Discussion in 'Virus & Other Malware Removal' started by whitey1984, Oct 15, 2010.

    whitey1984 Thread Starter

    Hi guys, I am having real trouble with my computer being very slow on startup and generally not working anywhere near its capabilities. I get fed up in the end and turn it off. I have posted all the required info below. Any help is greatly appreciated!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:27:25, on 15/10/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Documents and Settings\All Users\Application Data\ResultDns\resultdns117.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\WINDOWS\vsnp2uvc.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Documents and Settings\Philip White\Application Data\GabPath\gabpath.exe
    C:\Documents and Settings\Philip White\Application Data\Microsoft\Windows\jnipmo.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\ResultDns\resultdns.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Bar] C:\Documents and Settings\Philip White\Local Settings\Temporary Internet Files\Content.IE5\SX6FPAEZ\access[1].exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [GabPath] C:\Documents and Settings\Philip White\Application Data\GabPath\gabpath.exe
    O4 - HKCU\..\Run: [SfKg6wIPuSp] C:\Documents and Settings\Philip White\Application Data\Microsoft\Windows\jnipmo.exe
    O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265544173781
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: ResultDns Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\ResultDns\resultdns117.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    --
    End of file - 14243 bytes



    DDS (Ver_09-09-29.01) - NTFSx86
    Run by Philip White at 19:41:07.31 on 15/10/2010
    Internet Explorer: 8.0.6001.18702
    ============== Pseudo HJT Report ===============
    uSearchMigratedDefaultURL = hxxp://search.msn.co.uk/previewx.aspx?q={searchTerms}&FORM=CBPW&first=1&noredir=1
    uStart Page = hxxp://www.sky.com
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
    BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [GabPath] c:\documents and settings\philip white\application data\gabpath\gabpath.exe
    uRun: [SfKg6wIPuSp] c:\documents and settings\philip white\application data\microsoft\windows\jnipmo.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
    mRun: [SiteAdvisor] c:\program files\siteadvisor\6253\SiteAdv.exe
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Bar] c:\documents and settings\philip white\local settings\temporary internet files\content.ie5\sx6fpaez\access[1].exe
    mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265544173781
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
    Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    ============= SERVICES / DRIVERS ===============

    =============== Created Last 30 ================
    2010-10-15 18:53 <DIR> --d----- c:\docume~1\philip~1\applic~1\Uniblue
    2010-10-15 18:53 <DIR> --d----- c:\program files\Uniblue
    2010-10-15 18:29 2 a------- c:\windows\msoffice.ini
    2010-10-15 18:06 <DIR> --d----- c:\program files\Trend Micro
    2010-10-14 01:31 954,368 -------- c:\windows\system32\dllcache\mfc40.dll
    2010-10-14 01:31 953,856 -------- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-14 01:31 974,848 -------- c:\windows\system32\dllcache\mfc42.dll
    2010-10-14 01:31 617,472 -------- c:\windows\system32\dllcache\comctl32.dll
    ==================== Find3M ====================
    2010-09-18 12:23 974,848 a------- c:\windows\system32\mfc42u.dll
    2010-09-18 12:23 974,848 -------- c:\windows\system32\dllcache\mfc42u.dll
    2010-09-18 07:53 974,848 a------- c:\windows\system32\mfc42.dll
    2010-09-18 07:53 954,368 a------- c:\windows\system32\mfc40.dll
    2010-09-18 07:53 953,856 a------- c:\windows\system32\mfc40u.dll
    2010-09-01 12:51 285,824 a------- c:\windows\system32\atmfd.dll
    2010-09-01 12:51 285,824 -------- c:\windows\system32\dllcache\atmfd.dll
    2010-08-31 14:42 1,852,800 a------- c:\windows\system32\win32k.sys
    2010-08-31 14:42 1,852,800 -------- c:\windows\system32\dllcache\win32k.sys
    2010-08-27 09:02 119,808 a------- c:\windows\system32\t2embed.dll
    2010-08-27 09:02 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
    2010-08-27 06:57 99,840 a------- c:\windows\system32\srvsvc.dll
    2010-08-27 06:57 99,840 -------- c:\windows\system32\dllcache\srvsvc.dll
    2010-08-26 14:39 357,248 a------- c:\windows\system32\drivers\srv.sys
    2010-08-26 14:39 357,248 -------- c:\windows\system32\dllcache\srv.sys
    2010-08-26 13:52 5,120 a------- c:\windows\system32\xpsp4res.dll
    2010-08-26 13:22 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2010-08-25 23:36 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
    2010-08-23 17:12 617,472 a------- c:\windows\system32\comctl32.dll
    2010-08-17 14:17 58,880 a------- c:\windows\system32\spoolsv.exe
    2010-08-17 14:17 58,880 -------- c:\windows\system32\dllcache\spoolsv.exe
    2010-08-16 09:45 590,848 a------- c:\windows\system32\rpcrt4.dll
    2010-08-16 09:45 590,848 -------- c:\windows\system32\dllcache\rpcrt4.dll
    2010-07-27 07:30 8,462,336 -------- c:\windows\system32\dllcache\shell32.dll
    2010-05-24 21:10 56 ---shr-- c:\windows\system32\D62290A6E8.sys
    2010-05-24 21:11 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2008-12-22 20:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122220081223\index.dat
    ============= FINISH: 19:45:37.45 ===============


    GMER 1.0.15.15319 - http://www.gmer.net
    Rootkit scan 2010-10-15 21:11:59
    Windows 5.1.2600 Service Pack 3
    Running: zp0c4dcu[1].exe; Driver: C:\DOCUME~1\PHILIP~1\LOCALS~1\Temp\pxtdapob.sys

    ---- System - GMER 1.0.15 ----
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEE74757B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEE7474FB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEE7475A5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEE74750F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEE74753B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEE7475CF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEE7474E7]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEE74758F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEE747525]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEE747551]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEE747567]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEE7475E5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEE7475B9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP EE7475BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwOpenKey 80568D48 5 Bytes JMP EE7474EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtCreateFile 8056CF98 5 Bytes JMP EE74757F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateKey 80570833 5 Bytes JMP EE7474FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571E96 7 Bytes JMP EE747593 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetValueKey 80572A6E 7 Bytes JMP EE747555 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805738C6 5 Bytes JMP EE7475E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtMapViewOfSection 80573D41 7 Bytes JMP EE7475D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess 805824CC 5 Bytes JMP EE74756B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D64 7 Bytes JMP EE74753F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteKey 80595316 7 Bytes JMP EE747513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcess 805B14AC 5 Bytes JMP EE7475A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRenameKey 8064EAEA 7 Bytes JMP EE747529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF8018F80]
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\System32\svchost.exe[2776] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00B5
    .text C:\WINDOWS\System32\svchost.exe[2776] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290000
    .text C:\WINDOWS\System32\svchost.exe[2776] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F6F
    .text C:\WINDOWS\System32\svchost.exe[2776] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FB9
    .text C:\WINDOWS\System32\svchost.exe[2776] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FD4
    .text C:\WINDOWS\System32\svchost.exe[2776] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0029002C
    .text C:\WINDOWS\System32\svchost.exe[2776] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FE5
    .text C:\WINDOWS\System32\svchost.exe[2776] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0029001B
    .text C:\WINDOWS\System32\svchost.exe[2776] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290F94
    .text C:\WINDOWS\System32\svchost.exe[2776] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E003D
    .text C:\WINDOWS\System32\svchost.exe[2776] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0FB2
    .text C:\WINDOWS\System32\svchost.exe[2776] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FDE
    .text C:\WINDOWS\System32\svchost.exe[2776] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0FEF
    .text C:\WINDOWS\System32\svchost.exe[2776] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FCD
    .text C:\WINDOWS\System32\svchost.exe[2776] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E000C
    .text C:\WINDOWS\System32\svchost.exe[2776] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F3F
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260F50
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F61
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260F7C
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260F9E
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F02
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F13
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0026008A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260EF1
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002600AF
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260F8D
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260F24
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260FC3
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260014
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0026006F
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FC3
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0035004A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350F8D
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350000
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00350F9E
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 88]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0035002F
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360F9E
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360033
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0036000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360FC3
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01140000
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01140FDB
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01140FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01140FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01170FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002600AE
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260089
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260FAF
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0026006C
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260051
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002600E6
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F94
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260115
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F72
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260126
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0026001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002600BF
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260036
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F83
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0035008A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0035002F
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0035000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350FCD
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0035006F
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0035004A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360FA3
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360038
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360FC8
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360000
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0036001D
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360FE3
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 009D0FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 009D0FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 009D0014
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 009D002F
    .text C:\Program Files\Internet Explorer\iexplore.exe[3784] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00A00FEF
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FE5
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F43
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F5E
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F79
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F8A
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FA5
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F10
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F21
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0EC9
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0EE4
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0EA4
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B002C
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FD4
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F32
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0011
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0000
    .text C:\WINDOWS\system32\wuauclt.exe[3792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0EF5
    .text C:\WINDOWS\system32\wuauclt.exe[3792] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FCA
    .text C:\WINDOWS\system32\wuauclt.exe[3792] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0055
    .text C:\WINDOWS\system32\wuauclt.exe[3792] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0029
    .text C:\WINDOWS\system32\wuauclt.exe[3792] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF
    .text C:\WINDOWS\system32\wuauclt.exe[3792] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0044
    .text C:\WINDOWS\system32\wuauclt.exe[3792] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0018
    .text C:\WINDOWS\system32\wuauclt.exe[3792] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B002C
    .text C:\WINDOWS\system32\wuauclt.exe[3792] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0073
    .text C:\WINDOWS\system32\wuauclt.exe[3792] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0FDB
    .text C:\WINDOWS\system32\wuauclt.exe[3792] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0011
    .text C:\WINDOWS\system32\wuauclt.exe[3792] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0FB6
    .text C:\WINDOWS\system32\wuauclt.exe[3792] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0000
    .text C:\WINDOWS\system32\wuauclt.exe[3792] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002B0058
    .text C:\WINDOWS\system32\wuauclt.exe[3792] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0047
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    ---- EOF - GMER 1.0.15 ----

    Many thanks again
     

  2. whitey1984

    whitey1984 Thread Starter

    Joined:
    Oct 15, 2010
    Messages:
    2
    anyone please?
     

Short URL to this thread: https://techguy.org/956422
