I have used malwarebytes and mcafee to try and fix this they both find nothing.
Browser redirects are the main problem, but it also will not let mcafee update. That is all I have noticed.
As far as the redirects, I am redirected to a google search for adult materials and I have been redirected to a site that says it is scanning my system for viruses but I close out of the window before it completes.
GMER 1.0.14.14536 -
http://www.gmer.netRootkit scan 2009-01-08 22:02:19
Windows 6.0.6001 Service Pack 1
---- System - GMER 1.0.14 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8EFB89BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8EFB8958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8EFB896C]
Code 854EC348 ZwEnumerateKey
Code 85524510 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8EFB89FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8EFB8A3F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8EFB8930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8EFB8944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8EFB89D2]
Code 853E01F8 ZwQueryValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8EFB8A67]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8EFB8A53]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8EFB89AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8EFB8996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8EFB8A2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8EFB8A12]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8EFB89E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8EFB8982]
Code 854F01E5 IofCallDriver
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!ZwYieldExecution 81E5E18C 5 Bytes JMP 8EFB89EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!IofCallDriver 81EF2F6F 5 Bytes JMP 854F01EA
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 81FE930B 5 Bytes JMP 85524514
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 81FF817C 5 Bytes JMP 8EFB8A43 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 81FFFDCA 5 Bytes JMP 8EFB8986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82019F80 5 Bytes JMP 8EFB8A2F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 820391DC 5 Bytes JMP 8EFB8948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 8203CB57 5 Bytes JMP 853E01FC
PAGE ntkrnlpa.exe!ZwEnumerateKey 8203EBB4 5 Bytes JMP 854EC34C
PAGE ntkrnlpa.exe!NtOpenProcess 82048B18 5 Bytes JMP 8EFB8934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8205B74E 7 Bytes JMP 8EFB8A00 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8205BDA5 5 Bytes JMP 8EFB8A16 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8205DFB6 5 Bytes JMP 8EFB89C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 8206B674 5 Bytes JMP 8EFB899A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 8206D8CE 7 Bytes JMP 8EFB89D6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8208C452 5 Bytes JMP 8EFB8A57 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8208D49E 5 Bytes JMP 8EFB8A6B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 820CB1C1 5 Bytes JMP 8EFB895C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 820CB20C 7 Bytes JMP 8EFB8970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 820CBCCB 5 Bytes JMP 8EFB89AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.14 ----
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00420F66
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 004200AC
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00420F4B
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 004200D8
.text C:\Windows\system32\services.exe[692] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00420F8B
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00420FCA
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00420065
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00420FB9
.text C:\Windows\system32\services.exe[692] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 0042008A
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00420FA8
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00420040
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 0042009B
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00420F3A
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00420FE5
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00420000
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 0042001B
.text C:\Windows\system32\services.exe[692] kernel32.dll!WinExec 768753E7 5 Bytes JMP 004200C7
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 0098005B
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00980FB9
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00980FE5
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00980040
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00980076
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 0098000A
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00980FD4
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00980025
.text C:\Windows\system32\services.exe[692] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 0099000A
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00240F55
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 0024009B
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 002400C7
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessA 767E1C36 1 Byte [ E9 ]
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessA + 2 767E1C38 3 Bytes [ F2, A5, 89 ]
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 0024006F
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00240040
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00240F8B
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00240FC3
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00240080
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00240FA8
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00240FD4
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00240F70
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 002400D8
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 0024000A
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00240FEF
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 0024001B
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!WinExec 768753E7 5 Bytes JMP 002400B6
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00250076
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 0025004A
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00250000
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00250065
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00250FB9
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00250FDE
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00250FEF
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00250039
.text C:\Windows\system32\lsass.exe[708] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 002D0FE5
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00950087
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00950076
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00950F26
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 009500B3
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00950F66
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00950FCA
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00950F8D
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00950F9E
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00950F4B
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00950040
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00950FAF
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00950065
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 009500CE
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00950FE5
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 0095001B
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!WinExec 768753E7 5 Bytes JMP 009500A2
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00960FD4
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 0096005B
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00960000
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00960076
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00960091
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00960025
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00960036
.text C:\Windows\system32\svchost.exe[896] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[896] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 009F001B
.text C:\Windows\system32\svchost.exe[896] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[896] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 009F0FCA
.text C:\Windows\system32\svchost.exe[896] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00A00000
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00990F37
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 0099007D
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 009900BD
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 009900A2
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00990F92
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00990FCA
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 0099006C
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00990051
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00990F77
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00990FAF
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00990036
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00990F5C
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00990F0B
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 0099001B
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00990000
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00990FE5
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00990F26
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 009A0F8A
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 009A002C
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 009A0000
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 009A0FA5
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 009A0F6F
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 009A0011
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 009A0FDB
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 009A0FC0
.text C:\Windows\system32\svchost.exe[956] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[956] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 009F001B
.text C:\Windows\system32\svchost.exe[956] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 009F000A
.text C:\Windows\system32\svchost.exe[956] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 009F0FCA
.text C:\Windows\system32\svchost.exe[956] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00A0000A
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00A40F6A
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00A400BA
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00A400E6
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00A400CB
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00A40FAA
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00A40022
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00A40084
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00A40058
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00A40F8F
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00A40073
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00A40033
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00A4009F
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00A40F34
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00A40FDB
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00A40000
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00A40011
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00A40F4F
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00A50058
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00A50022
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00A50FE5
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00A5003D
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00A50F9B
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00A50FC0
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00A50000
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00A50011
.text C:\Windows\System32\svchost.exe[1008] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00A60FEF
.text C:\Windows\System32\svchost.exe[1008] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00A6000A
.text C:\Windows\System32\svchost.exe[1008] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00A60FD4
.text C:\Windows\System32\svchost.exe[1008] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00A60FB9
.text C:\Windows\System32\svchost.exe[1008] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00E00000
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00DE0F72
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00DE00B8
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00DE00E7
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00DE0F50
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00DE0071
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00DE0FBC
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00DE0060
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00DE0039
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00DE008C
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00DE0F97
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00DE001E
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00DE009D
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00DE0F3F
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00DE0FDE
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00DE0FEF
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00DE0FCD
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00DE0F61
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00DF0FAF
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00DF0040
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00DF0000
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00DF005B
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00DF0F9E
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00DF001B
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00DF0FE5
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00DF0FCA
.text C:\Windows\System32\svchost.exe[1144] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00E40000
.text C:\Windows\System32\svchost.exe[1144] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00E40036
.text C:\Windows\System32\svchost.exe[1144] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00E4001B
.text C:\Windows\System32\svchost.exe[1144] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00E40051
.text C:\Windows\System32\svchost.exe[1144] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00E5000A
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 01200076
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 01200F30
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 012000A2
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 01200F01
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 01200F77
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 01200025
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 01200051
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 01200040
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 01200F66
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 01200F94
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 01200FB9
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 01200F41
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 01200EE6
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 01200FEF
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 01200000
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 01200FD4
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!WinExec 768753E7 5 Bytes JMP 01200087
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 01210F5E
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 01210000
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 01210FE5
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 01210F79
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 01210F4D
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 01210FB9
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 01210FCA
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 01210F94
.text C:\Windows\System32\svchost.exe[1208] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 01660000
.text C:\Windows\System32\svchost.exe[1208] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 01660FCA
.text C:\Windows\System32\svchost.exe[1208] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 01660FE5
.text C:\Windows\System32\svchost.exe[1208] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 01660FB9
.text C:\Windows\System32\svchost.exe[1208] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 01670000
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00FD00A2
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00FD0091
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00FD0F26
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00FD00BD
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00FD005B
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00FD0025
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00FD0F81
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00FD0FAF
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00FD006C
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00FD0F9E
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00FD0036
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00FD0F5C
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00FD00E2
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00FD0FE5
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00FD0000
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00FD0FD4
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00FD0F4B
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00FE0058
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00FE0047
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00FE0000
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00FE0FB6
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00FE0FA5
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00FE0025
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00FE0FE5
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00FE0036
.text C:\Windows\system32\svchost.exe[1240] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00FF0000
.text C:\Windows\system32\svchost.exe[1240] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00FF0011
.text C:\Windows\system32\svchost.exe[1240] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00FF0FE5
.text C:\Windows\system32\svchost.exe[1240] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00FF0022
.text C:\Windows\system32\svchost.exe[1240] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 01200FE5
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00E10045
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00E10F09
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00E10060
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00E10ED3
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00E10F50
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00E10F9E
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00E10F61
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00E10F83
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00E10F35
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00E10F72
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00E1000A
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00E10F1A
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00E10071
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00E10FCA
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00E10FEF
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00E10FB9
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00E10EE4
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00E60036
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00E60F9E
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00E60FE5
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00E60025
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00E60051
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00E60FC0
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00E60000
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00E60FAF
.text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 01680FEF
.text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 01680000
.text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 01680FD4
.text C:\Windows\system32\svchost.exe[1396] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 01680011
.text C:\Windows\system32\svchost.exe[1396] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 016D0FEF
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 02B50F5F
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 02B50F70
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 02B500D1
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateProcessA 767E1C36 1 Byte [ E9 ]
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateProcessA + 2 767E1C38 3 Bytes [ F2, 36, 8C ]
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 02B50065
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 02B5002F
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 02B50F81
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 02B50FA8
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 02B50080
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 02B5004A
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 02B50FC3
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 02B5009B
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 02B500E2
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 02B5000A
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 02B50FEF
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 02B50FDE
.text C:\Windows\Explorer.EXE[1500] kernel32.dll!WinExec 768753E7 5 Bytes JMP 02B500B6
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 02B60FCA
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 02B60FEF
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 02B6000A
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 02B6006C
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 02B60091
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 02B60036
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 02B6001B
.text C:\Windows\Explorer.EXE[1500] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 02B60051
.text C:\Windows\Explorer.EXE[1500] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 03300FEF
.text C:\Windows\Explorer.EXE[1500] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 02B70FEF
.text C:\Windows\Explorer.EXE[1500] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 02B70FC3
.text C:\Windows\Explorer.EXE[1500] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 02B70FD4
.text C:\Windows\Explorer.EXE[1500] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 02B70FA8
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 01A300CB
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 01A300B0
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 01A30108
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 01A300ED
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 01A30F8F
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 01A30047
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 01A30FAA
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 01A30058
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 01A3008E
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 01A30073
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 01A30FDB
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 01A3009F
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 01A30F56
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 01A3001B
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 01A30000
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 01A30036
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!WinExec 768753E7 5 Bytes JMP 01A300DC
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 01A40FB9
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 01A4005B
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 01A4000A
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 01A40FD4
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 01A40F9E
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 01A40FE5
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 01A4001B
.text C:\Windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 01A40040
.text C:\Windows\system32\svchost.exe[1932] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 01A90000
.text C:\Windows\system32\svchost.exe[1932] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 01A90FDB
.text C:\Windows\system32\svchost.exe[1932] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 01A90011
.text C:\Windows\system32\svchost.exe[1932] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 01A90FCA
.text C:\Windows\system32\svchost.exe[1932] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 01B20FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3424] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3424] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00940098
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00940F52
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00940F26
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 009400BD
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00940062
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00940011
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00940F94
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00940047
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00940073
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00940FA5
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 0094002C
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00940F6D
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 009400D8
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00940000
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00940FEF
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00940FCA
.text C:\Windows\system32\svchost.exe[3676] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00940F41
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00950039
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00950014
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00950FEF
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00950F8D
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 0095004A
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00950FC3
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00950FD4
.text C:\Windows\system32\svchost.exe[3676] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00950FA8
.text C:\Windows\system32\svchost.exe[3676] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[3676] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 009E0FD4
.text C:\Windows\system32\svchost.exe[3676] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 009E0FEF
.text C:\Windows\system32\svchost.exe[3676] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 009E001B
.text C:\Windows\system32\svchost.exe[3676] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00C50082
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00C50071
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00C500BF
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00C500AE
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00C50F61
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00C50FC3
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00C50F7C
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00C50FA8
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00C50056
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00C50F8D
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00C5002F
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00C50F46
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00C500D0
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00C5000A
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00C50FEF
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00C50FD4
.text C:\Windows\system32\svchost.exe[3740] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00C50093
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00C60062
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00C60051
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00C60000
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00C60FC0
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00C60F9B
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00C60FE5
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00C6001B
.text C:\Windows\system32\svchost.exe[3740] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00C60036
.text C:\Windows\system32\svchost.exe[3740] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00C70FEF
.text C:\Windows\system32\svchost.exe[3740] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00C70025
.text C:\Windows\system32\svchost.exe[3740] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00C7000A
.text C:\Windows\system32\svchost.exe[3740] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00C70FD4
.text C:\Windows\system32\svchost.exe[3740] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00C80000
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 00EF00C2
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 00EF00A7
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 00EF0F50
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 00EF0F6B
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 00EF0071
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 00EF0FD4
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 00EF0F97
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 00EF0FA8
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 00EF0F86
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 00EF0054
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 00EF0FC3
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 00EF0096
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 00EF0F3F
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 00EF0025
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 00EF0000
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 00EF0FEF
.text C:\Windows\system32\svchost.exe[3848] kernel32.dll!WinExec 768753E7 5 Bytes JMP 00EF00E7
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 00F00F72
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 00F00F8D
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 00F00FE5
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 00F0001E
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 00F00F61
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 00F00FB9
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 00F00FD4
.text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 00F00FA8
.text C:\Windows\system32\svchost.exe[3848] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 00F10000
.text C:\Windows\system32\svchost.exe[3848] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 00F10FCA
.text C:\Windows\system32\svchost.exe[3848] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 00F10FDB
.text C:\Windows\system32\svchost.exe[3848] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 00F10FAF
.text C:\Windows\system32\svchost.exe[3848] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00F60FE5
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!GetStartupInfoW 767E1929 5 Bytes JMP 008D00B6
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!GetStartupInfoA 767E19C9 5 Bytes JMP 008D00A5
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateProcessW 767E1C01 5 Bytes JMP 008D00EC
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateProcessA 767E1C36 5 Bytes JMP 008D0F4B
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!VirtualProtect 767E1DD1 5 Bytes JMP 008D006F
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateNamedPipeW 767E5C44 5 Bytes JMP 008D0FCA
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!LoadLibraryExW 768030C3 5 Bytes JMP 008D0F97
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!LoadLibraryW 7680361F 5 Bytes JMP 008D0FB9
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!VirtualProtectEx 76808D7E 5 Bytes JMP 008D0080
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!LoadLibraryExA 76809469 5 Bytes JMP 008D0FA8
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!LoadLibraryA 76809491 5 Bytes JMP 008D0040
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreatePipe 76810284 5 Bytes JMP 008D0F7A
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!GetProcAddress 7682B8B6 5 Bytes JMP 008D0F3A
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateFileW 7682CC4E 5 Bytes JMP 008D001B
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateFileA 7682CF71 5 Bytes JMP 008D0000
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!CreateNamedPipeA 768741F6 5 Bytes JMP 008D0FDB
.text C:\Windows\System32\svchost.exe[4016] kernel32.dll!WinExec 768753E7 5 Bytes JMP 008D00C7
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyExA 7786B5E7 5 Bytes JMP 008E0F68
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyA 7786B8AE 5 Bytes JMP 008E0F9E
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyA 77870BF5 5 Bytes JMP 008E0000
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyW 7787B83D 5 Bytes JMP 008E0F79
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegCreateKeyExW 7787BCE1 5 Bytes JMP 008E0F4D
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyExA 7787D4E8 5 Bytes JMP 008E0FCA
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyW 77883CB0 5 Bytes JMP 008E0FE5
.text C:\Windows\System32\svchost.exe[4016] ADVAPI32.dll!RegOpenKeyExW 7788F09D 5 Bytes JMP 008E0FAF
.text C:\Windows\System32\svchost.exe[4016] WININET.dll!InternetOpenA 77C303DD 5 Bytes JMP 008F0000
.text C:\Windows\System32\svchost.exe[4016] WININET.dll!InternetOpenUrlA 77C320A3 5 Bytes JMP 008F0FE5
.text C:\Windows\System32\svchost.exe[4016] WININET.dll!InternetOpenW 77C32A58 5 Bytes JMP 008F0011
.text C:\Windows\System32\svchost.exe[4016] WININET.dll!InternetOpenUrlW 77C7AF79 5 Bytes JMP 008F002C
.text C:\Windows\System32\svchost.exe[4016] WS2_32.dll!socket 77CE36D1 5 Bytes JMP 00900FEF
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74D97BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74DD98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74D9D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74D8F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74D97599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74D8E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74DCB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74D9D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74D9012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74D90095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74D871F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74E1D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74DB75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74D8DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74D8668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74D866BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74D91E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1500] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5792] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [01132B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5792] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [011311D0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5792] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [011327E0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5792] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [01131B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- Modules - GMER 1.0.14 ----
Module \systemroot\system32\drivers\msqpdxebietver.sys (*** hidden *** ) 8E8D8000-8E902000 (172032 bytes)
---- Services - GMER 1.0.14 ----
Service C:\Windows\system32\drivers\msqpdxebietver.sys (*** hidden *** ) [SYSTEM] msqpdxserv.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxebietver.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxebietver.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxioujikxy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxebietver.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxebietver.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxioujikxy.dll
Reg HKLM\SOFTWARE\Classes\msqpdxvx
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxrun 71
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxpff 8067
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxaff 3191
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxinfo ?}gx~yc?~d?``omcyjloumllqRSRc
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxid qfy?z{yz??i`???oc?oo?djhk"YVT!&W!_,
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxsrv 1745024793
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxpos 5}~p|}{v?p4biedfbakz
---- EOF - GMER 1.0.14 ----
GMER 1.0.14.14536 -
http://www.gmer.netAutostart scan 2009-01-08 22:03:47
Windows 6.0.6001 Service Pack 1
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\Windows\system32\userinit.exe,
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aawservice@ = "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
Acer HomeMedia Connect Service@ = "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
AcerMemUsageCheckService@ = C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
Ati External Event Utility@ = %SystemRoot%\system32\Ati2evxx.exe
Capture Device Service@ = "C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe"
DIMSVC@ = C:\Program Files\Pa-software\Disc Image Demo\dimsvc.exe
eDataSecurity Service@ = "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"
eRecoveryService@ = C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
eSettingsService@ = C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
gusvc@ = "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
LightScribeService@ = "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
McAfee SiteAdvisor Service@ = "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"
mcmscsvc@ = C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
McNASvc@ = "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"
McProxy@ = c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
McShield@ = C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
MSK80Service@ = "C:\Program Files\McAfee\MSK\MskSrver.exe"
SBSDWSCService@ = C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
slsvc@ = %SystemRoot%\system32\SLsvc.exe
TVersityMediaServer@ = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\MediaServer.exe
WMPNetworkSvc@ = "%ProgramFiles%\Windows Media Player\wmpnetwk.exe"
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Windows Defender%ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/ = %ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/
@RtHDVCplRtHDVCpl.exe = RtHDVCpl.exe
@mcagent_exeC:\Program Files\McAfee.com\Agent\mcagent.exe /runkey /*file not found*/ = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey /*file not found*/
@Acer Empowering Technology MonitorC:\Acer\Empowering Technology\SysMonitor.exe = C:\Acer\Empowering Technology\SysMonitor.exe
@PCMMediaSharingC:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
@SMSERIALC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe = C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
@eDataSecurity LoaderC:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
@Acer Product Registration"C:\Program Files\Acer Registration\ACE1.exe" /startup = "C:\Program Files\Acer Registration\ACE1.exe" /startup
@Acer Assist LauncherC:\Program Files\Acer Assist\launcher.exe = C:\Program Files\Acer Assist\launcher.exe
@StartCCC"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
@eRecoveryService /*file not found*/ = /*file not found*/
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@AdobeCS4ServiceManager"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin = "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@RegistryMechanic /*file not found*/ = /*file not found*/
@THGuard"C:\Program Files\TrojanHunter 5.0\THGuard.exe" = "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SidebarC:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/ = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/
@ehTray.exeC:\Windows\ehome\ehTray.exe = C:\Windows\ehome\ehTray.exe
@swgC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
@WMPNSCFGC:\Program Files\Windows Media Player\WMPNSCFG.exe = C:\Program Files\Windows Media Player\WMPNSCFG.exe
@SpybotSD TeaTimerC:\Program Files\Spybot - Search & Destroy\TeaTimer.exe = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{00020d75-0000-0000-c000-000000000046} /*lnkfile*/(null) =
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\Windows\system32\extmgr.dll = C:\Windows\system32\extmgr.dll
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{a38b883c-1682-497e-97b0-0a3a9e801682} /*IPropertyStore Handler for Images*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{C7657C4A-9F68-40fa-A4DF-96BC08EB3551} /*Photo Thumbnail Provider*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*Photo Thumbnail Extractor*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} /*eDS psd drag drop protection*/C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll = C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
@{0563DB41-F538-4B37-A92D-4659049B7766} /*WLMD Message Handler*/C:\Program Files\Windows Live\Mail\mailcomm.dll = C:\Program Files\Windows Live\Mail\mailcomm.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{0561EC90-CE54-4f0c-9C55-E226110A740C} /*Haali Column Provider*/C:\Windows\system32\mmfinfo.dll = C:\Windows\system32\mmfinfo.dll
@{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} /*Haali Matroska Shell Property Page*/C:\Windows\system32\mmfinfo.dll = C:\Windows\system32\mmfinfo.dll
@{327669A0-59A7-4be9-B99E-1C9F3A57611A} /*Haali Matroska Thumbnail Extractor*/C:\Windows\system32\mmfinfo.dll = C:\Windows\system32\mmfinfo.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/(null) =
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/(null) =
@{D845084B-D812-4CA2-A451-645608B24F85} /*Disc image shell menu extension*/C:\Program Files\Pa-software\Disc Image Demo\dishlext.dll = C:\Program Files\Pa-software\Disc Image Demo\dishlext.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} /*TrojanHunter Menu Shell Extension*/C:\PROGRA~1\TROJAN~1.0\contmenu.dll = C:\PROGRA~1\TROJAN~1.0\contmenu.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
DIShellMenu@{D845084B-D812-4CA2-A451-645608B24F85} = C:\Program Files\Pa-software\Disc Image Demo\dishlext.dll
EDSshellExt@{29FF7AB0-BE34-4992-A30B-53A9D86EE239} = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll
McCtxMenu@{01576F39-90DE-4D6E-A068-5B20C22BAAEE} = c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\contmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EDSshellExt@{29FF7AB0-BE34-4992-A30B-53A9D86EE239} = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\contmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
McCtxMenu@{01576F39-90DE-4D6E-A068-5B20C22BAAEE} = c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\contmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4efb-9B51-7695ECA05670}C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}c:\PROGRA~1\mcafee\msk\mcapbho.dll = c:\PROGRA~1\mcafee\msk\mcapbho.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
@{7DB2D5A0-7241-4E79-B68D-6309F01C5231}C:\Program Files\McAfee\VirusScan\scriptsn.dll = C:\Program Files\McAfee\VirusScan\scriptsn.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
@{B164E929-A1B6-4A06-B104-2CD0E90A88FF}c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll = c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\Windows\system32\SSBRAN~1.SCR
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://en.us.acer.yahoo.com =
http://en.us.acer.yahoo.com@Start
Pagehttp://en.us.acer.yahoo.com =
http://en.us.acer.yahoo.com@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start
Pagehttp://www.msn.com/?vv=550 =
http://www.msn.com/?vv=550@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\Windows\System32\msvidctl.dll
its@CLSID = %SystemRoot%\System32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
sacore@CLSID = c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
tv@CLSID = C:\Windows\System32\msvidctl.dll
wlmailhtml@CLSID = C:\Program Files\Windows Live\Mail\mailcomm.dll
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E18E4F40-05F5-4E1C-8DCE-C1EFA89EA173} /*Local Area Connection*/ >>>
@IPAddress =
@NameServer =
@DefaultGateway =
@Domain =
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
C:\Users\moosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup = MagicDisc.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup >>>
Empowering Technology Launcher.lnk = Empowering Technology Launcher.lnk
NETGEAR WG111v3 Smart Wizard.lnk = NETGEAR WG111v3 Smart Wizard.lnk
---- EOF - GMER 1.0.14 ----