possible infection

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

possible infection cannot start win defender or firewall...constant redirects

#1 loki-process-fix

New Member

Group: Members
Posts: 10
Joined: 23-December 11

Posted 24 December 2011 - 02:30 AM

I have extremely long hang ups when browsing. I recently checked windows firewall settings & found it was disabled. I tried to enable it & got program errors. Same with windows defender. I have also seen 2 BSOD's in the past 2 weeks. Full system scan with mcafee shows only cookies to be suspicious. I assume the things i do on my pc are not an endangerment to my pc & always keep my antivirus updated & active. Browsing a simple site like google can be very tedious almost every time. Any help is greatly appreciated.

dds
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Fresh Almighty at 6:05:17 on 2011-12-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2302.896 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\wpcumi.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
E:\Games\Half Life 2\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\System32\ping.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SearchPerks! Perk Counter: {2787ea8e-8d87-48af-88ad-b30246c917ab} - c:\program files\searchperks! perk counter\Bmbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111012204745.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: SearchPerks! Perk Counter: {2787ea8e-8d87-48af-88ad-b30246c917ab} - c:\program files\searchperks! perk counter\Bmbho.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [DSS] c:\windows\DosOCXPOP32.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "e:\games\half life 2\steam.exe" -silent
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
dRunOnce: [DelayShred] "c:\program files\mcafee\mshr\shrcl.exe" /p1 /q c:\users\fresha~1\appdata\local\temp\low\hsperf~1.sh! c:\users\fresha~1\appdata\local\temp\HSPERF~1.SH!
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
Trusted Zone: beatport.com\media
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0D8C8065-F712-4C9D-BC82-262D6987D636} : DhcpNameServer = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-10-12 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-12 165032]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-22 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-12 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-12 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-12 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-12 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-10-12 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-10-12 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-12 148520]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-12 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-10-12 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-10-12 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-12 314088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a06a2b98ceb0;Google Update Service (gupdate1c9a06a2b98ceb0);c:\program files\google\update\GoogleUpdate.exe [2009-3-8 133104]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-8 133104]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-12 84488]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-23 05:27:01 388096 ----a-r- c:\users\fresh almighty\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-23 05:26:57 -------- d-----w- c:\program files\Trend Micro
2011-12-15 21:46:01 4223008 ----a-w- c:\windows\system32\NVStWiz.exe
2011-12-14 18:09:22 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-14 18:09:19 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-12-14 18:09:19 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-12-14 18:09:16 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-14 17:55:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 17:55:08 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 17:54:21 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 17:54:18 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 17:54:15 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 17:54:15 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 17:53:58 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-12-08 18:26:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 11:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 6:06:36.27 ===============

Attached File(s)

Attach.txt (9.85K)
Number of downloads: 0

#2 loki-process-fix

New Member

Group: Members
Posts: 10
Joined: 23-December 11

Posted 24 December 2011 - 02:35 AM

gmer was to long to post ,causing me to cut in half ::

gmer part 1

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-24 01:21:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3200822A rev.3.01
Running: rur1bvvy.exe; Driver: C:\Users\FRESHA~1\AppData\Local\Temp\fxtyapoc.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8384AD48]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8384AD72]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8384AD5E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8384AD34]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82E31982 5 Bytes JMP 8384AD38 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? C:\Users\FRESHA~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[504] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 006A0FEF
.text C:\Windows\system32\svchost.exe[504] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 006A0FCA
.text C:\Windows\system32\svchost.exe[504] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 006A000A
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 00690F37
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 00690F48
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 00690F01
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 00690098
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 00690073
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 00690FCA
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 0069001B
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 00690F63
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 00690062
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 00690047
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 00690FA5
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 0069002C
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 00690F7E
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 006900BD
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 0069000A
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 00690FEF
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!WinExec 771060CF 5 Bytes JMP 00690F26
.text C:\Windows\system32\svchost.exe[504] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00670FB7
.text C:\Windows\system32\svchost.exe[504] msvcrt.dll!system 75A5804B 5 Bytes JMP 00670FC8
.text C:\Windows\system32\svchost.exe[504] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00670FE3
.text C:\Windows\system32\svchost.exe[504] msvcrt.dll!_open 75A5D106 5 Bytes JMP 00670000
.text C:\Windows\system32\svchost.exe[504] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 00670038
.text C:\Windows\system32\svchost.exe[504] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00670011
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 00680F8D
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00680FC3
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00680FEF
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00680FA8
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 00680F72
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00680014
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00680FD4
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00680025
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[552] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 6FD49AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[552] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 6FD49A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\System32\svchost.exe[660] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 002B0FEF
.text C:\Windows\System32\svchost.exe[660] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 002B000A
.text C:\Windows\System32\svchost.exe[660] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 002B0FD4
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 002A00A4
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 002A0093
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 002A0F32
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 002A0F43
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 002A0053
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 002A000A
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 002A001B
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 002A0F68
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 002A0042
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 002A0F94
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 002A0F83
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 002A0FB9
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 002A0078
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 002A0F21
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 002A0FCA
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 002A0FE5
.text C:\Windows\System32\svchost.exe[660] kernel32.dll!WinExec 771060CF 5 Bytes JMP 002A00B5
.text C:\Windows\System32\svchost.exe[660] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00260036
.text C:\Windows\System32\svchost.exe[660] msvcrt.dll!system 75A5804B 5 Bytes JMP 00260FAB
.text C:\Windows\System32\svchost.exe[660] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00260FD7
.text C:\Windows\System32\svchost.exe[660] msvcrt.dll!_open 75A5D106 5 Bytes JMP 00260000
.text C:\Windows\System32\svchost.exe[660] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 00260FC6
.text C:\Windows\System32\svchost.exe[660] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00260011
.text C:\Windows\System32\svchost.exe[660] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 00290036
.text C:\Windows\System32\svchost.exe[660] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 0029000A
.text C:\Windows\System32\svchost.exe[660] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00290FEF
.text C:\Windows\System32\svchost.exe[660] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 0029001B
.text C:\Windows\System32\svchost.exe[660] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 00290047
.text C:\Windows\System32\svchost.exe[660] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00290FB9
.text C:\Windows\System32\svchost.exe[660] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00290FD4
.text C:\Windows\System32\svchost.exe[660] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00290F94
.text C:\Windows\System32\svchost.exe[660] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00280FEF
.text C:\Windows\system32\services.exe[668] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 00160FE5
.text C:\Windows\system32\services.exe[668] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 00160FB9
.text C:\Windows\system32\services.exe[668] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 00160FCA
.text C:\Windows\system32\services.exe[668] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 001500BA
.text C:\Windows\system32\services.exe[668] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 001500A9
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 00150F52
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 001500DF
.text C:\Windows\system32\services.exe[668] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 00150F99
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 00150FCA
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 0015001B
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 00150098
.text C:\Windows\system32\services.exe[668] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 00150073
.text C:\Windows\system32\services.exe[668] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 00150047
.text C:\Windows\system32\services.exe[668] kernel32.dll!LoadLibraryExA 77099554 1 Byte [E9]
.text C:\Windows\system32\services.exe[668] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 00150058
.text C:\Windows\system32\services.exe[668] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 0015002C
.text C:\Windows\system32\services.exe[668] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 00150F88
.text C:\Windows\system32\services.exe[668] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 00150F37
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 00150FDB
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 00150000
.text C:\Windows\system32\services.exe[668] kernel32.dll!WinExec 771060CF 5 Bytes JMP 00150F63
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 00A5004E
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00A50FC0
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00A50FEF
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00A5003D
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 00A50069
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00A5001B
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00A5000A
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00A5002C
.text C:\Windows\system32\services.exe[668] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00170FA6
.text C:\Windows\system32\services.exe[668] msvcrt.dll!system 75A5804B 5 Bytes JMP 00170027
.text C:\Windows\system32\services.exe[668] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00170FC1
.text C:\Windows\system32\services.exe[668] msvcrt.dll!_open 75A5D106 5 Bytes JMP 00170FEF
.text C:\Windows\system32\services.exe[668] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 0017000C
.text C:\Windows\system32\services.exe[668] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00170FDE
.text C:\Windows\system32\services.exe[668] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00A4000A
.text C:\Windows\system32\services.exe[668] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 00180FE5
.text C:\Windows\system32\services.exe[668] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 0018000A
.text C:\Windows\system32\services.exe[668] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 00180FD4
.text C:\Windows\system32\services.exe[668] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 0018001B
.text C:\Windows\system32\lsass.exe[680] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 00040FEF
.text C:\Windows\system32\lsass.exe[680] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 00040FC3
.text C:\Windows\system32\lsass.exe[680] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 00040FDE
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 00030F52
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 00030F6D
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 00030F12
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 000300A9
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 00030FA3
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 00030036
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 00030FDB
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 00030F7E
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 00030FC0
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 00030062
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 00030073
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 00030047
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 00030098
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 000300CE
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 0003001B
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 00030000
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!WinExec 771060CF 5 Bytes JMP 00030F37
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 00D00047
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00D00036
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00D0000A
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00D00FAF
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 00D00062
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00D0001B
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00D00FEF
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00D00FCA
.text C:\Windows\system32\lsass.exe[680] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00050FBE
.text C:\Windows\system32\lsass.exe[680] msvcrt.dll!system 75A5804B 5 Bytes JMP 00050049
.text C:\Windows\system32\lsass.exe[680] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 0005001D
.text C:\Windows\system32\lsass.exe[680] msvcrt.dll!_open 75A5D106 5 Bytes JMP 00050FEF
.text C:\Windows\system32\lsass.exe[680] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 00050038
.text C:\Windows\system32\lsass.exe[680] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 0005000C
.text C:\Windows\system32\lsass.exe[680] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00CF0FEF
.text C:\Windows\system32\lsass.exe[680] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 00060FE5
.text C:\Windows\system32\lsass.exe[680] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 0006001B
.text C:\Windows\system32\lsass.exe[680] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 00060000
.text C:\Windows\system32\lsass.exe[680] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 00060FCA
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 002A0FEF
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 002A0FDE
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 002A000A
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 002900D8
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 002900BD
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 00290F41
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 00290F5C
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 00290F9C
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 0029001B
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 00290040
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 002900A2
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 00290FAD
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 00290076
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 00290FCA
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 00290051
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 00290091
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 002900F3
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 00290FE5
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 00290000
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!WinExec 771060CF 5 Bytes JMP 00290F6D
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 002B001B
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!system 75A5804B 5 Bytes JMP 002B0F86
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 002B0FC6
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_open 75A5D106 5 Bytes JMP 002B0FE3
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 002B0FAB
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 002B0000
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 00310F97
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00310FB9
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00310FA8
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 0031004A
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00310FDB
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00310FCA
.text C:\Windows\system32\svchost.exe[880] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00300FEF
.text C:\Windows\system32\svchost.exe[952] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 00500FE5
.text C:\Windows\system32\svchost.exe[952] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 00500FCA
.text C:\Windows\system32\svchost.exe[952] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 00500000
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 004F0F46
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 004F0F57
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 004F00C2
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 004F0F35
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 004F0071
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 004F0FD4
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 004F001B
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 004F008C
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 004F0F8D
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 004F0F9E
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 004F004A
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 004F0FB9
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 004F0F7C
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 004F00DD
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 004F000A
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 004F0FEF
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!WinExec 771060CF 5 Bytes JMP 004F00B1
.text C:\Windows\system32\svchost.exe[952] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00510056
.text C:\Windows\system32\svchost.exe[952] msvcrt.dll!system 75A5804B 5 Bytes JMP 0051003B
.text C:\Windows\system32\svchost.exe[952] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00510016
.text C:\Windows\system32\svchost.exe[952] msvcrt.dll!_open 75A5D106 5 Bytes JMP 00510FEF
.text C:\Windows\system32\svchost.exe[952] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 00510FC1
.text C:\Windows\system32\svchost.exe[952] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00510FDE
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 00550FC3
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00550051
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00550FEF
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00550FD4
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 00550080
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00550025
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 0055000A
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00550040
.text C:\Windows\system32\svchost.exe[952] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00540FEF
.text C:\Windows\system32\svchost.exe[952] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 00520000
.text C:\Windows\system32\svchost.exe[952] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 0052002C
.text C:\Windows\system32\svchost.exe[952] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 0052001B
.text C:\Windows\system32\svchost.exe[952] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 0052003D
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 00D90FE5
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 00D90FD4
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 00D90000
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 009E0F3E
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 009E008E
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 009E00BA
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 009E009F
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 009E0073
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 009E001B
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 009E002C
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 009E0F63
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 009E0058
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 009E0FA5
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 009E0047
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 009E0FC0
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 009E0F7E
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 009E00D5
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 009E0000
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 009E0FEF
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!WinExec 771060CF 5 Bytes JMP 009E0F23
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00DA0FD4
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!system 75A5804B 5 Bytes JMP 00DA0055
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00DA0FEF
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_open 75A5D106 5 Bytes JMP 00DA0000
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 00DA0044
.text C:\Windows\System32\svchost.exe[1000] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00DA001D
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 009D0087
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 009D005B
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 009D0000
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 009D006C
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 009D0098
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 009D0FE5
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 009D001B
.text C:\Windows\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 009D0040
.text C:\Windows\System32\svchost.exe[1000] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00DF000A
.text C:\Windows\System32\svchost.exe[1000] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 000D0FEF
.text C:\Windows\System32\svchost.exe[1000] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 000D0FC3
.text C:\Windows\System32\svchost.exe[1000] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 000D0FDE
.text C:\Windows\System32\svchost.exe[1000] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 000D000A
.text C:\Windows\System32\svchost.exe[1096] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 0158000A
.text C:\Windows\System32\svchost.exe[1096] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 01580FE5
.text C:\Windows\System32\svchost.exe[1096] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 01580025
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 01570085
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 01570F3F
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 015700BB
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 015700AA
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 01570F6B
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 01570FC3
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 01570014
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 01570F50
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 01570F7C
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 01570039
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 01570F97
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 01570FA8
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 7709DC52 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 01570056
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 015700D6
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 01570FD4
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 01570FE5
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!WinExec 771060CF 5 Bytes JMP 01570F24
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 01590027
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!system 75A5804B 5 Bytes JMP 01590FA6
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 01590FC8
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_open 75A5D106 5 Bytes JMP 0159000C
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 01590FB7
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 01590FE3
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 016B005B
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 016B0040
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 016B0FE5
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 016B0FB9
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 016B0F9E
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 016B0FD4
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 016B0000
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 016B0025
.text C:\Windows\System32\svchost.exe[1096] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 015A0FEF
.text C:\Windows\System32\svchost.exe[1096] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 00EA000A
.text C:\Windows\System32\svchost.exe[1096] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 00EA0036
.text C:\Windows\System32\svchost.exe[1096] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 00EA001B
.text C:\Windows\System32\svchost.exe[1096] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 00EA0FE5
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 00050000
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 0005002C
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 00050011
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 00010F41
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 00010F0B
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 000100A2
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 00010F77
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 00010FDB
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 0001002C
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 00010F94
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 00010FC0
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 00010FA5
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 0001003D
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 00010F5C
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 00010EF0
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 00010011
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!WinExec 771060CF 5 Bytes JMP 00010F26
.text C:\Windows\system32\svchost.exe[1104] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00060FC8
.text C:\Windows\system32\svchost.exe[1104] msvcrt.dll!system 75A5804B 5 Bytes JMP 00060FD9
.text C:\Windows\system32\svchost.exe[1104] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00060038
.text C:\Windows\system32\svchost.exe[1104] msvcrt.dll!_open 75A5D106 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[1104] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 00060049
.text C:\Windows\system32\svchost.exe[1104] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00060011
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 00070F9B
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00070FC0
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00070047
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 00070F8A
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00070022
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00070011
.text C:\Windows\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00070FD1
.text C:\Windows\system32\svchost.exe[1104] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00080000
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 01410000
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 01410036
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 0141001B
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 00C9000A
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!KiUserExceptionDispatcher 771B5BF8 5 Bytes JMP 008E000A
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 01400098
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 01400F52
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 01400F15
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 01400F26
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 01400F6D
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 01400FC0
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 01400011
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 0140007D
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 01400047
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 01400F9B
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 01400F8A
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 01400022
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 0140006C
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 014000C7
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 01400000
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 01400FEF
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!WinExec 771060CF 5 Bytes JMP 01400F37
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 0142004E
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!system 75A5804B 5 Bytes JMP 01420FC3
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 01420022
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_open 75A5D106 5 Bytes JMP 01420FEF
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 01420033
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 01420FDE
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 001F0051
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 001F0040
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 001F000A
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 001F0FAF
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 001F0F94
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 001F001B
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 001F0FDE
.text C:\Windows\system32\svchost.exe[1136] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 01470FEF
.text C:\Windows\system32\svchost.exe[1136] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 001E000A
.text C:\Windows\system32\svchost.exe[1136] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 001E0036
.text C:\Windows\system32\svchost.exe[1136] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 001E0025
.text C:\Windows\system32\svchost.exe[1136] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 001E0FE5
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 000D0FEF
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 000D0FD4
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 000D000A
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 000C0F35
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 000C0F46
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 000C00B1
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 000C0F1A
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 000C0F72
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 000C0FDB
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 000C0FC0
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 000C0F61
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 000C0F83
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 000C0FA5
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 000C0F94
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 000C0036
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 000C0067
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 000C00CC
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 000C0011
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 000C0000
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!WinExec 771060CF 5 Bytes JMP 000C0096
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 000E0F97
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!system 75A5804B 5 Bytes JMP 000E0FA8
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 000E0FDE
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_open 75A5D106 5 Bytes JMP 000E0FEF
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 000E0FC3
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 000E0018
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 00070062
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00070FDB
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00070FCA
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 00070FA5
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 0007002C
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 0007001B
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00070047
.text C:\Windows\system32\svchost.exe[1264] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00180000
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 01000FEF
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 0100002F
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 0100000A
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoW

#3 loki-process-fix

New Member

Group: Members
Posts: 10
Joined: 23-December 11

Posted 24 December 2011 - 02:40 AM

gmer part 2

.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 00DF00C4
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 00DF00A9
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 00DF0062
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 00DF001B
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 00DF0FC0
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 00DF0F6D
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 00DF0051
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 00DF0F9E
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 00DF0040
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 00DF0FAF
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 00DF007D
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 00DF00D5
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 00DF000A
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 00DF0FEF
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!WinExec 771060CF 5 Bytes JMP 00DF0F2D
.text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 01010047
.text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!system 75A5804B 5 Bytes JMP 01010036
.text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 0101001B
.text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_open 75A5D106 5 Bytes JMP 01010FEF
.text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 01010FC6
.text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 01010000
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 00DC005F
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00DC0044
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00DC0000
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00DC0FBD
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 00DC0FAC
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00DC0022
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00DC0011
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00DC0033
.text C:\Windows\system32\svchost.exe[1320] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00DB000A
.text C:\Windows\system32\svchost.exe[1320] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 00DA000A
.text C:\Windows\system32\svchost.exe[1320] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 00DA0FDE
.text C:\Windows\system32\svchost.exe[1320] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 00DA0FEF
.text C:\Windows\system32\svchost.exe[1320] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 00DA0FC3
.text C:\Windows\System32\svchost.exe[1360] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 002A0FEF
.text C:\Windows\System32\svchost.exe[1360] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 002A0FCD
.text C:\Windows\System32\svchost.exe[1360] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 002A0FDE
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 002900AC
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 0029009B
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 00290F3A
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 00290F55
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 00290F8B
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 00290FD4
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 00290FC3
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 0029008A
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 00290065
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 00290FA8
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 0029004A
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 0029002F
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 00290F7A
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 00290F29
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 0029000A
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 00290FEF
.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!WinExec 771060CF 5 Bytes JMP 002900C7
.text C:\Windows\System32\svchost.exe[1360] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00260055
.text C:\Windows\System32\svchost.exe[1360] msvcrt.dll!system 75A5804B 5 Bytes JMP 00260044
.text C:\Windows\System32\svchost.exe[1360] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00260029
.text C:\Windows\System32\svchost.exe[1360] msvcrt.dll!_open 75A5D106 5 Bytes JMP 00260FEF
.text C:\Windows\System32\svchost.exe[1360] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 00260FD4
.text C:\Windows\System32\svchost.exe[1360] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00260018
.text C:\Windows\System32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 0028006C
.text C:\Windows\System32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00280051
.text C:\Windows\System32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00280000
.text C:\Windows\System32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00280FCA
.text C:\Windows\System32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 00280FB9
.text C:\Windows\System32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00280FDB
.text C:\Windows\System32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 0028001B
.text C:\Windows\System32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00280036
.text C:\Windows\System32\svchost.exe[1360] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00270FE5
.text C:\Windows\system32\svchost.exe[1512] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 0299000A
.text C:\Windows\system32\svchost.exe[1512] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 0299002C
.text C:\Windows\system32\svchost.exe[1512] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 0299001B
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 01D50F4D
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 01D50F72
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 01D500B8
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 01D50F21
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 01D50F8D
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 01D50014
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 01D50FC3
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 01D5009D
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 01D50065
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 01D5002F
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 01D50054
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 01D50FB2
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 01D5008C
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 01D500C9
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 01D50FD4
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 01D50FE5
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!WinExec 771060CF 5 Bytes JMP 01D50F32
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 01CE004E
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!system 75A5804B 5 Bytes JMP 01CE0FB9
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 01CE0018
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_open 75A5D106 5 Bytes JMP 01CE0FEF
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 01CE0029
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 01CE0FDE
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 01D40FB9
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 01D40040
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 01D40000
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 01D4005B
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 01D40F94
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 01D4001B
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 01D40FEF
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 01D40FD4
.text C:\Windows\system32\svchost.exe[1512] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 01D30000
.text C:\Windows\system32\svchost.exe[1512] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 01CF0FE5
.text C:\Windows\system32\svchost.exe[1512] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 01CF0FB9
.text C:\Windows\system32\svchost.exe[1512] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 01CF0FD4
.text C:\Windows\system32\svchost.exe[1512] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 01CF0000
.text C:\Windows\System32\svchost.exe[1644] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 00080000
.text C:\Windows\System32\svchost.exe[1644] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 0008001B
.text C:\Windows\System32\svchost.exe[1644] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 00080FE5
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 00070F63
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 000700B3
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 00070104
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 000700E9
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 0007008E
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 0007002C
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 0007003D
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 00070F88
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 0007007D
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 00070062
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 00070FC0
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 00070FD1
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 00070F99
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 00070F52
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 0007001B
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 00070000
.text C:\Windows\System32\svchost.exe[1644] kernel32.dll!WinExec 771060CF 5 Bytes JMP 000700C4
.text C:\Windows\System32\svchost.exe[1644] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00050FA8
.text C:\Windows\System32\svchost.exe[1644] msvcrt.dll!system 75A5804B 5 Bytes JMP 00050FCD
.text C:\Windows\System32\svchost.exe[1644] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00050033
.text C:\Windows\System32\svchost.exe[1644] msvcrt.dll!_open 75A5D106 5 Bytes JMP 0005000C
.text C:\Windows\System32\svchost.exe[1644] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 00050FDE
.text C:\Windows\System32\svchost.exe[1644] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 00060040
.text C:\Windows\System32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00060FAF
.text C:\Windows\System32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00060F9E
.text C:\Windows\System32\svchost.exe[1644] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 00060F83
.text C:\Windows\System32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00060FD4
.text C:\Windows\System32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[1644] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00060025
.text C:\Windows\System32\svchost.exe[1644] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00270FEF
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 00930FEF
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 00930FCD
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 00930FDE
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 008000A7
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 0080008C
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 008000DD
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 008000C2
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 00800F7C
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 00800FC3
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 00800FB2
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 00800F57
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 00800054
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 0080001E
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 00800039
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 00800FA1
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 00800071
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 008000F8
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 00800FD4
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 00800FEF
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!WinExec 771060CF 5 Bytes JMP 00800F46
.text C:\Windows\system32\svchost.exe[1672] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 007D0F9C
.text C:\Windows\system32\svchost.exe[1672] msvcrt.dll!system 75A5804B 5 Bytes JMP 007D0FB7
.text C:\Windows\system32\svchost.exe[1672] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 007D0027
.text C:\Windows\system32\svchost.exe[1672] msvcrt.dll!_open 75A5D106 5 Bytes JMP 007D0000
.text C:\Windows\system32\svchost.exe[1672] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 007D0FC8
.text C:\Windows\system32\svchost.exe[1672] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 007D0FE3
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 007F0F91
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 007F0033
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 007F0000
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 007F0FAC
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 007F0058
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 007F0022
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 007F0011
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 007F0FD1
.text C:\Windows\system32\svchost.exe[1672] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 007E0FEF
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 000C0000
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 000C0FE5
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 000C001B
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 000900C9
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 000900B8
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 00090F68
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 000900FF
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 00090F8D
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 00090FE5
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 00090036
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 0009009D
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 00090F9E
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 00090051
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 00090FAF
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 00090FCA
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 0009008C
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 00090F4D
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 0009001B
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 0009000A
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!WinExec 771060CF 5 Bytes JMP 000900E4
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00060038
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!system 75A5804B 5 Bytes JMP 00060027
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00060FD2
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_open 75A5D106 5 Bytes JMP 00060FEF
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 00060FC1
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 0008001B
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00080F94
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00080FE5
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00080F83
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 0008002C
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00080FCA
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00080000
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00080FB9
.text C:\Windows\system32\svchost.exe[1972] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00070FEF
.text C:\Windows\System32\svchost.exe[1988] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 005B0FEF
.text C:\Windows\System32\svchost.exe[1988] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 005B0025
.text C:\Windows\System32\svchost.exe[1988] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 005B000A
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 005A00A4
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 005A0F5E
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 005A0F43
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 005A00D0
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 005A0F79
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 005A001B
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 005A002C
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 005A0093
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 005A0F94
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 005A0FB6
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 005A0FA5
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 005A003D
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 005A006E
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 005A0F32
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 005A000A
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 005A0FEF
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!WinExec 771060CF 5 Bytes JMP 005A00BF
.text C:\Windows\System32\svchost.exe[1988] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00580F9C
.text C:\Windows\System32\svchost.exe[1988] msvcrt.dll!system 75A5804B 5 Bytes JMP 00580FAD
.text C:\Windows\System32\svchost.exe[1988] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00580FC8
.text C:\Windows\System32\svchost.exe[1988] msvcrt.dll!_open 75A5D106 5 Bytes JMP 00580FE3
.text C:\Windows\System32\svchost.exe[1988] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 0058001D
.text C:\Windows\System32\svchost.exe[1988] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00580000
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 0059003D
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 0059002C
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00590FE5
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00590F9B
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 0059004E
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00590011
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00590000
.text C:\Windows\System32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00590FC0
.text C:\Windows\System32\svchost.exe[1988] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00120FEF
.text C:\Windows\system32\svchost.exe[2452] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 010F000A
.text C:\Windows\system32\svchost.exe[2452] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 010F0FE5
.text C:\Windows\system32\svchost.exe[2452] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 010F001B
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 01030F4B
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 01030091
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 010300B6
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 01030F15
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 01030065
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 01030FEF
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 01030FCA
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 01030080
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 01030F8B
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 01030040
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 01030FA8
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 01030FB9
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 01030F70
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 01030F04
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 0103001B
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 01030000
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!WinExec 771060CF 5 Bytes JMP 01030F3A
.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00580FB9
.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!system 75A5804B 5 Bytes JMP 00580FD4
.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00580033
.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_open 75A5D106 5 Bytes JMP 0058000C
.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 00580044
.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00580FEF
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 01020F83
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 01020FB9
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 01020FEF
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 01020F9E
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 01020F68
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 01020025
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 0102000A
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 01020FD4
.text C:\Windows\system32\svchost.exe[2452] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 0101000A
.text C:\Windows\system32\svchost.exe[2452] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 01000FEF
.text C:\Windows\system32\svchost.exe[2452] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 01000FC3
.text C:\Windows\system32\svchost.exe[2452] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 01000FDE
.text C:\Windows\system32\svchost.exe[2452] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 01000FB2
.text C:\Windows\Explorer.EXE[3152] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 03F00FEF
.text C:\Windows\Explorer.EXE[3152] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 03F00FDE
.text C:\Windows\Explorer.EXE[3152] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 03F00014
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 03EF0F79
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 03EF00B5
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 03EF0F43
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 03EF00DA
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 03EF0078
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 03EF0FCA
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 03EF001B
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 03EF00A4
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 03EF0F9E
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 03EF0051
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 03EF0FAF
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 03EF0036
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 03EF0089
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 03EF0F32
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 03EF0FE5
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 03EF0000
.text C:\Windows\Explorer.EXE[3152] kernel32.dll!WinExec 771060CF 5 Bytes JMP 03EF0F5E
.text C:\Windows\Explorer.EXE[3152] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 03EA0FC0
.text C:\Windows\Explorer.EXE[3152] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 03EA0FDB
.text C:\Windows\Explorer.EXE[3152] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 03EA000A
.text C:\Windows\Explorer.EXE[3152] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 03EA0062
.text C:\Windows\Explorer.EXE[3152] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 03EA0FAF
.text C:\Windows\Explorer.EXE[3152] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 03EA0040
.text C:\Windows\Explorer.EXE[3152] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 03EA001B
.text C:\Windows\Explorer.EXE[3152] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 03EA0051
.text C:\Windows\Explorer.EXE[3152] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 04330F97
.text C:\Windows\Explorer.EXE[3152] msvcrt.dll!system 75A5804B 5 Bytes JMP 04330FB2
.text C:\Windows\Explorer.EXE[3152] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 04330FCD
.text C:\Windows\Explorer.EXE[3152] msvcrt.dll!_open 75A5D106 5 Bytes JMP 04330FEF
.text C:\Windows\Explorer.EXE[3152] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 04330022
.text C:\Windows\Explorer.EXE[3152] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 04330FDE
.text C:\Windows\Explorer.EXE[3152] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 04340000
.text C:\Windows\Explorer.EXE[3152] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 04340FE5
.text C:\Windows\Explorer.EXE[3152] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 04340011
.text C:\Windows\Explorer.EXE[3152] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 04340FCA
.text C:\Windows\Explorer.EXE[3152] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 04350FEF
.text C:\Windows\system32\svchost.exe[3364] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[3364] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 00040011
.text C:\Windows\system32\svchost.exe[3364] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 00040FDB
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 00010F2C
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 00010F3D
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 0001008D
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 00010EF6
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 00010F7A
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 00010014
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 00010FC3
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 00010F58
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 00010054
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 00010F97
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 00010039
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 00010FB2
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 00010F69
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 00010EDB
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[3364] kernel32.dll!WinExec 771060CF 5 Bytes JMP 00010F07
.text C:\Windows\system32\svchost.exe[3364] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00060FCA
.text C:\Windows\system32\svchost.exe[3364] msvcrt.dll!system 75A5804B 5 Bytes JMP 00060055
.text C:\Windows\system32\svchost.exe[3364] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00060FEF
.text C:\Windows\system32\svchost.exe[3364] msvcrt.dll!_open 75A5D106 5 Bytes JMP 0006000C
.text C:\Windows\system32\svchost.exe[3364] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 0006003A
.text C:\Windows\system32\svchost.exe[3364] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00060029
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 00070F86
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00070FA1
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00070028
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 0007004D
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00070FCD
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00070FDE
.text C:\Windows\system32\svchost.exe[3364] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00070FBC
.text C:\Windows\system32\svchost.exe[3364] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00080FEF
.text C:\Windows\system32\svchost.exe[3364] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 00190000
.text C:\Windows\system32\svchost.exe[3364] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 00190011
.text C:\Windows\system32\svchost.exe[3364] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 00190FDB
.text C:\Windows\system32\svchost.exe[3364] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 00190FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 00040FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 0004000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 00040FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 0001009B
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 00010F55
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 00010F3A
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 000100D1
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 00010F81
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 00010FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 0001002F
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 00010080
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 0001005B
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 00010FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 00010F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 00010040
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 00010F66
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 00010F29
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 00010FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 00010000
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!WinExec 771060CF 5 Bytes JMP 000100B6
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 00050065
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00050FB9

gmer part 3

.text C:\Program Files\Internet Explorer\iexplore.exe[3808] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 0005000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 0005004A
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 00050076
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00050FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00050FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00050025
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!EnableWindow 7728CD8B 5 Bytes JMP 6B839A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!DialogBoxParamW 772B10B0 5 Bytes JMP 6B79170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!DialogBoxIndirectParamW 772B2EF5 5 Bytes JMP 6B9862BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!DialogBoxParamA 772C8152 5 Bytes JMP 6B986259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!DialogBoxIndirectParamA 772C847D 5 Bytes JMP 6B986323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!MessageBoxIndirectA 772DD4D9 5 Bytes JMP 6B9861E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!MessageBoxIndirectW 772DD5D3 5 Bytes JMP 6B986167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!MessageBoxExA 772DD639 5 Bytes JMP 6B986103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!MessageBoxExW 772DD65D 5 Bytes JMP 6B98609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00060F95
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] msvcrt.dll!system 75A5804B 5 Bytes JMP 00060FA6
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00060FC8
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] msvcrt.dll!_open 75A5D106 5 Bytes JMP 0006000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 00060FB7
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00060FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 00070FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 00070FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 00070014
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 0007002F
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 007D0000
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 00040000
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 00040FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 00040FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 00010082
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 00010F3C
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 00010F06
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 00010F17
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 00010F68
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 00010FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 00010022
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 00010F57
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 00010F79
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 00010FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 00010F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 00010FB6
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 0001005D
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 000100C2
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 00010011
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!CreateThread 770BCB2E 5 Bytes JMP 6B7F7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 00010000
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] kernel32.dll!WinExec 771060CF 5 Bytes JMP 0001009D
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 00050F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00050F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00050000
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 0005002F
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 0005004A
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00050FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00050FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00050FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!CreateDialogParamW 772872A2 5 Bytes JMP 6B986628 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!GetAsyncKeyState 7728863C 5 Bytes JMP 6B7DDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 6B832194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!CallNextHookEx 77288E3B 5 Bytes JMP 6B857BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 6B87EB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!EnableWindow 7728CD8B 5 Bytes JMP 6B839A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!DefWindowProcA 7728DB88 7 Bytes JMP 6B7F952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!CreateWindowExA 7728DC2A 5 Bytes JMP 6B803363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!CreateWindowExW 77291305 5 Bytes JMP 6B85FF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!GetKeyState 77298CB1 5 Bytes JMP 6B7DDC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!DefWindowProcW 772A03B4 7 Bytes JMP 6B857C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!IsDialogMessageW 772A0745 5 Bytes JMP 6B986D82 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!CreateDialogParamA 772A17AA 5 Bytes JMP 6B9865F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!IsDialogMessage 772A1847 2 Bytes JMP 6B986D5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!IsDialogMessage + 3 772A184A 2 Bytes [6E, F4] {OUTSB ; HLT }
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!CreateDialogIndirectParamA 772A26F1 5 Bytes JMP 6B986660 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!CreateDialogIndirectParamW 772A9A62 5 Bytes JMP 6B986698 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!SetKeyboardState 772B0987 5 Bytes JMP 6B987649 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!DialogBoxParamW 772B10B0 5 Bytes JMP 6B79170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!DialogBoxIndirectParamW 772B2EF5 5 Bytes JMP 6B9862BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!SendInput 772B2F75 5 Bytes JMP 6B9875F1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!EndDialog 772B326E 5 Bytes JMP 6B98702E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!SetCursorPos 772C6FB2 5 Bytes JMP 6B9876CA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!DialogBoxParamA 772C8152 5 Bytes JMP 6B986259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!DialogBoxIndirectParamA 772C847D 5 Bytes JMP 6B986323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!MessageBoxIndirectA 772DD4D9 5 Bytes JMP 6B9861E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!MessageBoxIndirectW 772DD5D3 5 Bytes JMP 6B986167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!MessageBoxExA 772DD639 5 Bytes JMP 6B986103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!MessageBoxExW 772DD65D 5 Bytes JMP 6B98609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!keybd_event 772DD972 5 Bytes JMP 6B9875AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00060022
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] msvcrt.dll!system 75A5804B 5 Bytes JMP 00060F97
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00060000
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] msvcrt.dll!_open 75A5D106 5 Bytes JMP 00060FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 00060011
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00060FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] SHELL32.dll!SHRestricted + D95 75B489A8 4 Bytes [CF, 01, 1C, 69] {IRET ; ADD [ECX+EBP*2], EBX}
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] SHELL32.dll!SHRestricted + D9D 75B489B0 8 Bytes [E0, 61, 1B, 69, 79, F7, 1B, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] ole32.dll!OleLoadFromStream 76AE1E80 5 Bytes JMP 6B986A8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] WININET.dll!InternetCloseHandle 765EB7C4 5 Bytes JMP 691843D0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] WININET.dll!InternetReadFile 765EEA3A 5 Bytes JMP 691844F0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 00070000
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 0007001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] WININET.dll!InternetConnectA 76615556 5 Bytes JMP 69184790 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] WININET.dll!HttpOpenRequestA 76615639 5 Bytes JMP 69184690 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 00070FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 00070036
.text C:\Program Files\Internet Explorer\iexplore.exe[4976] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00DF0000
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 00040FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 00040014
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 00040FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 000100C7
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 000100B6
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 00010F41
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 00010F5C
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 00010F8B
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 00010025
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 00010FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 000100A5
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 00010F9C
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 00010040
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 00010065
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 00010FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 00010080
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 000100F3
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 00010FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!CreateThread 770BCB2E 5 Bytes JMP 6B7F7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 00010000
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] kernel32.dll!WinExec 771060CF 5 Bytes JMP 000100D8
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 0005004A
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00050014
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00050FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00050039
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 00050F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00050FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00050FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00050FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!CreateDialogParamW 772872A2 5 Bytes JMP 6B986628 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!GetAsyncKeyState 7728863C 5 Bytes JMP 6B7DDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 6B832194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!CallNextHookEx 77288E3B 5 Bytes JMP 6B857BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 6B87EB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!EnableWindow 7728CD8B 5 Bytes JMP 6B839A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!DefWindowProcA 7728DB88 7 Bytes JMP 6B7F952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!CreateWindowExA 7728DC2A 5 Bytes JMP 6B803363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!CreateWindowExW 77291305 5 Bytes JMP 6B85FF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!GetKeyState 77298CB1 5 Bytes JMP 6B7DDC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!DefWindowProcW 772A03B4 7 Bytes JMP 6B857C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!IsDialogMessageW 772A0745 5 Bytes JMP 6B986D82 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!CreateDialogParamA 772A17AA 5 Bytes JMP 6B9865F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!IsDialogMessage 772A1847 2 Bytes JMP 6B986D5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!IsDialogMessage + 3 772A184A 2 Bytes [6E, F4] {OUTSB ; HLT }
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!CreateDialogIndirectParamA 772A26F1 5 Bytes JMP 6B986660 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!CreateDialogIndirectParamW 772A9A62 5 Bytes JMP 6B986698 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!SetKeyboardState 772B0987 5 Bytes JMP 6B987649 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!DialogBoxParamW 772B10B0 5 Bytes JMP 6B79170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!DialogBoxIndirectParamW 772B2EF5 5 Bytes JMP 6B9862BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!SendInput 772B2F75 5 Bytes JMP 6B9875F1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!EndDialog 772B326E 5 Bytes JMP 6B98702E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!SetCursorPos 772C6FB2 5 Bytes JMP 6B9876CA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!DialogBoxParamA 772C8152 5 Bytes JMP 6B986259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!DialogBoxIndirectParamA 772C847D 5 Bytes JMP 6B986323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!MessageBoxIndirectA 772DD4D9 5 Bytes JMP 6B9861E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!MessageBoxIndirectW 772DD5D3 5 Bytes JMP 6B986167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!MessageBoxExA 772DD639 5 Bytes JMP 6B986103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!MessageBoxExW 772DD65D 5 Bytes JMP 6B98609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] USER32.dll!keybd_event 772DD972 5 Bytes JMP 6B9875AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 00060049
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] msvcrt.dll!system 75A5804B 5 Bytes JMP 0006002E
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 00060FD9
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] msvcrt.dll!_open 75A5D106 5 Bytes JMP 0006000C
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 00060FC8
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 0006001D
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] SHELL32.dll!SHRestricted + D95 75B489A8 4 Bytes [CF, 01, 1C, 69] {IRET ; ADD [ECX+EBP*2], EBX}
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] SHELL32.dll!SHRestricted + D9D 75B489B0 8 Bytes [E0, 61, 1B, 69, 79, F7, 1B, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] ole32.dll!OleLoadFromStream 76AE1E80 5 Bytes JMP 6B986A8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] WININET.dll!InternetCloseHandle 765EB7C4 5 Bytes JMP 691843D0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] WININET.dll!InternetReadFile 765EEA3A 5 Bytes JMP 691844F0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 00070FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 00070FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] WININET.dll!InternetConnectA 76615556 5 Bytes JMP 69184790 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] WININET.dll!HttpOpenRequestA 76615639 5 Bytes JMP 69184690 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 00070FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 00070FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[6324] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 00D90FEF
.text C:\Windows\System32\ping.exe[7616] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 00A6000A
.text C:\Windows\System32\ping.exe[7616] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 00A7000A
.text C:\Windows\System32\ping.exe[7616] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 0088000A
.text C:\Windows\System32\ping.exe[7616] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 0089000A
.text C:\Windows\System32\ping.exe[7616] ntdll.dll!NtCreateUserProcess 771B5654 5 Bytes JMP 00A8000A
.text C:\Windows\System32\ping.exe[7616] ntdll.dll!KiUserExceptionDispatcher 771B5BF8 5 Bytes JMP 0087000A
.text C:\Windows\System32\ping.exe[7616] USER32.dll!WindowFromPoint 7728884F 5 Bytes JMP 00B5000A
.text C:\Windows\System32\ping.exe[7616] USER32.dll!GetForegroundWindow 772932C4 5 Bytes JMP 00B6000A
.text C:\Windows\System32\ping.exe[7616] USER32.dll!GetCursorPos 772A0B88 5 Bytes JMP 00B4000A
.text C:\Windows\System32\ping.exe[7616] ole32.dll!CoCreateInstance 76B19F3E 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 00140FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 00140FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 00140FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!GetStartupInfoW 77071929 5 Bytes JMP 00010097
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!GetStartupInfoA 770719C9 5 Bytes JMP 00010086
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!CreateProcessW 77071BF3 5 Bytes JMP 00010F11
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!CreateProcessA 77071C28 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!CreateProcessA 77071C28 5 Bytes JMP 00010F2C
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!VirtualProtect 77071DC3 5 Bytes JMP 00010F79
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!CreateNamedPipeA 77072EF5 5 Bytes JMP 00010011
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!CreateNamedPipeW 77075C0C 5 Bytes JMP 00010FB6
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!CreatePipe 77098F06 5 Bytes JMP 00010075
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!LoadLibraryExW 7709927C 5 Bytes JMP 00010047
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!LoadLibraryW 77099400 5 Bytes JMP 00010F9B
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!LoadLibraryExA 77099554 5 Bytes JMP 00010F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!LoadLibraryA 7709957C 5 Bytes JMP 00010022
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!VirtualProtectEx 7709DC52 5 Bytes JMP 00010064
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!GetProcAddress 770B925B 5 Bytes JMP 00010F00
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!CreateFileW 770BB0EB 5 Bytes JMP 00010FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!CreateThread 770BCB2E 5 Bytes JMP 6B7F7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!CreateFileA 770BD07F 5 Bytes JMP 00010000
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] kernel32.dll!WinExec 771060CF 5 Bytes JMP 000100B2
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] ADVAPI32.dll!RegCreateKeyExA 76FC39AB 5 Bytes JMP 0015003D
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] ADVAPI32.dll!RegCreateKeyA 76FC3BA9 5 Bytes JMP 00150FB6
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] ADVAPI32.dll!RegOpenKeyA 76FC89C7 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] ADVAPI32.dll!RegCreateKeyW 76FD391E 5 Bytes JMP 00150FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] ADVAPI32.dll!RegCreateKeyExW 76FD41F1 5 Bytes JMP 00150058
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] ADVAPI32.dll!RegOpenKeyExA 76FD7C42 5 Bytes JMP 00150022
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] ADVAPI32.dll!RegOpenKeyW 76FDE2B5 5 Bytes JMP 00150011
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] ADVAPI32.dll!RegOpenKeyExW 76FE7BA1 5 Bytes JMP 00150FD1
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!CreateDialogParamW 772872A2 5 Bytes JMP 6B986628 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!GetAsyncKeyState 7728863C 5 Bytes JMP 6B7DDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 6B832194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!CallNextHookEx 77288E3B 5 Bytes JMP 6B857BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 6B87EB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!EnableWindow 7728CD8B 5 Bytes JMP 6B839A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!DefWindowProcA 7728DB88 7 Bytes JMP 6B7F952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!CreateWindowExA 7728DC2A 5 Bytes JMP 6B803363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!CreateWindowExW 77291305 5 Bytes JMP 6B85FF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!GetKeyState 77298CB1 5 Bytes JMP 6B7DDC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!DefWindowProcW 772A03B4 7 Bytes JMP 6B857C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!IsDialogMessageW 772A0745 5 Bytes JMP 6B986D82 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!CreateDialogParamA 772A17AA 5 Bytes JMP 6B9865F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!IsDialogMessage 772A1847 2 Bytes JMP 6B986D5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!IsDialogMessage + 3 772A184A 2 Bytes [6E, F4] {OUTSB ; HLT }
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!CreateDialogIndirectParamA 772A26F1 5 Bytes JMP 6B986660 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!CreateDialogIndirectParamW 772A9A62 5 Bytes JMP 6B986698 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!SetKeyboardState 772B0987 5 Bytes JMP 6B987649 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!DialogBoxParamW 772B10B0 5 Bytes JMP 6B79170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!DialogBoxIndirectParamW 772B2EF5 5 Bytes JMP 6B9862BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!SendInput 772B2F75 5 Bytes JMP 6B9875F1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!EndDialog 772B326E 5 Bytes JMP 6B98702E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!SetCursorPos 772C6FB2 5 Bytes JMP 6B9876CA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!DialogBoxParamA 772C8152 5 Bytes JMP 6B986259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!DialogBoxIndirectParamA 772C847D 5 Bytes JMP 6B986323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!MessageBoxIndirectA 772DD4D9 5 Bytes JMP 6B9861E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!MessageBoxIndirectW 772DD5D3 5 Bytes JMP 6B986167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!MessageBoxExA 772DD639 5 Bytes JMP 6B986103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!MessageBoxExW 772DD65D 5 Bytes JMP 6B98609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] USER32.dll!keybd_event 772DD972 5 Bytes JMP 6B9875AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] msvcrt.dll!_wsystem 75A57F2F 5 Bytes JMP 0016005D
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] msvcrt.dll!system 75A5804B 5 Bytes JMP 00160FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] msvcrt.dll!_creat 75A5BBE1 5 Bytes JMP 0016001D
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] msvcrt.dll!_open 75A5D106 5 Bytes JMP 00160000
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] msvcrt.dll!_wcreat 75A5D326 5 Bytes JMP 00160042
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] msvcrt.dll!_wopen 75A5D501 5 Bytes JMP 00160FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] SHELL32.dll!SHRestricted + D95 75B489A8 4 Bytes [CF, 01, 1C, 69] {IRET ; ADD [ECX+EBP*2], EBX}
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] SHELL32.dll!SHRestricted + D9D 75B489B0 8 Bytes [E0, 61, 1B, 69, 79, F7, 1B, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] ole32.dll!OleLoadFromStream 76AE1E80 5 Bytes JMP 6B986A8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] WININET.dll!InternetCloseHandle 765EB7C4 5 Bytes JMP 691843D0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] WININET.dll!InternetReadFile 765EEA3A 5 Bytes JMP 691844F0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] WININET.dll!InternetOpenA 76604E3C 5 Bytes JMP 00170FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] WININET.dll!InternetOpenUrlA 7660BFDE 5 Bytes JMP 0017001B
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] WININET.dll!InternetConnectA 76615556 5 Bytes JMP 69184790 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] WININET.dll!HttpOpenRequestA 76615639 5 Bytes JMP 69184690 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] WININET.dll!InternetOpenW 7663C126 5 Bytes JMP 0017000A
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] WININET.dll!InternetOpenUrlW 7666D8D2 5 Bytes JMP 00170036
.text C:\Program Files\Internet Explorer\iexplore.exe[7692] WS2_32.dll!socket 76DE36D1 5 Bytes JMP 02420000

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB23016$\3688710486 0 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860 0 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\@ 2048 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\bckfg.tmp 814 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\cfg.ini 216 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\keywords 255 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\L 0 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\L\qnbwvoto 273408 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\U 0 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\U\00000001.@ 1536 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\U\80000032.@ 97792 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T83T6K\a[1].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T83T6K\24905_c_clickpayz_com[2].htm 14 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T83T6K\slf[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T83T6K\177w100h[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T83T6K\FDAF_SharedAsset_Border_300x250_Panel[1].swf 1099 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T83T6K\FDAF_SharedAsset_Button_17[1].swf 3478 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T83T6K\flowplayer.yume[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T83T6K\iframe3[10].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\adserv_16905[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\footer-bg[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\footnav[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\bd9e36bf-1d55-45e5-8c9f-479bdf3897eb[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\fw-nonplayer-banner[10].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\ThumbSeed2[1].js 110864 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\path-bg[1].gif 603 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\ping[1].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\ad[1].htm 388 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\kiehls-111511-3[1].jpg 3303 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\laurenconrad-blueavocado-main[1].jpg 6735 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\screenhunter_21_dec._23_12.36[1].jpg 6378 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\screenhunter_45_sep._19_12.20[1].jpg 5839 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\style[2].css 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\st[10] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\st[11] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\main[1].css 9945 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\audit_303br_net[1].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\navhov[1].png 236 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\newsvidz_com[1].htm 33593 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\black_trans_bg[1].png 113 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\blank[2].gif 49 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\border[1].png 128 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\broker[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\bwcheck-speedcalc[1].swf 57333 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\b_blue-square-media_com[2].js 232 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\education[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWMJE9QU\effects[1].js 38471 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LELCE44B\info_48[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LELCE44B\ptj[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LELCE44B\httpErrorPagesScripts[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LELCE44B\errorPageStrings[2] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LELCE44B\ErrorPageTemplate[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LELCE44B\dref=http%253A%252F%252Fholidays.shopflick.com%252Fiframepull1[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LELCE44B\CD_SAM_FS_160x600[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LELCE44B\CD_SAM_FS_728x90[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LELCE44B\ddc[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LSWMI3XE\r[1].js 168 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LSWMI3XE\down[1] 748 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LSWMI3XE\getjs[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMNYDMEJ\pixel[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMNYDMEJ\v=5;m=3;l=1317;c=190920;b=1209055;ts=20111224011855[1].htm 1341 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYMD4GQM\AdDisplayTrackerServlet[4].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYMD4GQM\emily[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYMD4GQM\disp[1].htm 4064 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYMD4GQM\eventCA8RVTZW.js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYMD4GQM\IkQwIOr1mG0[1].jpg 4703 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYMD4GQM\b1e7e9b22902ef03f9b5d208ec19870248288117[1].jpg 6094 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYMD4GQM\ros2[1].htm 773 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTP1BDIV\ADTECH;loc=100;target=_blank;misc=1324707752812;adiframe=y[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTP1BDIV\afr[4].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTP1BDIV\collect[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTP1BDIV\fw-nonplayer-banner[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\DTY2VSOR.txt 532 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\M56M2862.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\QXJS6UHS.txt 197 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\GDUU50PR.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\3ON3QC7M.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\B6P441I6.txt 2027 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Y44FESEH.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\BMTTSSYH.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZSS8KISC.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\HA83UMU1.txt 197 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\SVX0HBTP.txt 4043 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\8WHI77EB.txt 10109 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4HS575AF.txt 755 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\IM03CAJY.txt 1646 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZDZB52E0.txt 109 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6FZ1YVFZ.txt 92 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9U37F30N.txt 3580 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XDXP2WYW.txt 4942 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\LN4Y16M7.txt 1240 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\T6LG3QI3.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2L2QU3U1.txt 5951 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XLZES2M0.txt 90 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CZLWUEZ4.txt 1070 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7YEBZA3R.txt 535 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0RVPDA7W.txt 532 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MQD2U7SJ.txt 302 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1YDIYSAF.txt 4001 bytes

---- EOF - GMER 1.0.15 ----

#4 HelpBot

Bleepin' Binary Bot

Group: Bots
Posts: 5,607
Joined: 05-October 07
Gender:Male

Posted 30 December 2011 - 03:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434288 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
- Please do this even if you have previously posted logs for us.
- If you were unable to produce the logs originally please try once more.
- If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 loki-process-fix

New Member

Group: Members
Posts: 10
Joined: 23-December 11

Posted 30 December 2011 - 08:29 PM

i have the original dvd of my os. windows vista home premium sp2...no new occurances of the blue screen since original post. major redirects to websites that mcafee responds to "as suspicious". 2 full system scan show no threats, but computer is very slow at certain times.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Fresh Almighty at 18:16:36 on 2011-12-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2302.1224 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\ping.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SearchPerks! Perk Counter: {2787ea8e-8d87-48af-88ad-b30246c917ab} - c:\program files\searchperks! perk counter\Bmbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111012204745.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: SearchPerks! Perk Counter: {2787ea8e-8d87-48af-88ad-b30246c917ab} - c:\program files\searchperks! perk counter\Bmbho.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [DSS] c:\windows\DosOCXPOP32.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "e:\games\half life 2\steam.exe" -silent
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [CmTray] "c:\program files\content manager\launchCM.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
dRunOnce: [DelayShred] "c:\program files\mcafee\mshr\shrcl.exe" /p1 /q c:\users\fresha~1\appdata\local\temp\low\hsperf~1.sh! c:\users\fresha~1\appdata\local\temp\HSPERF~1.SH!
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
Trusted Zone: beatport.com\media
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0D8C8065-F712-4C9D-BC82-262D6987D636} : DhcpNameServer = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-10-12 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-12 165032]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-22 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-12 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-12 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-12 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-12 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-10-12 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-10-12 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-12 148520]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-12 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-10-12 153280]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-12 314088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a06a2b98ceb0;Google Update Service (gupdate1c9a06a2b98ceb0);c:\program files\google\update\GoogleUpdate.exe [2009-3-8 133104]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-8 133104]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-10-12 52320]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-12 84488]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-24 21:38:11 -------- d-----w- c:\program files\Content Manager
2011-12-23 05:27:01 388096 ----a-r- c:\users\fresh almighty\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-23 05:26:57 -------- d-----w- c:\program files\Trend Micro
2011-12-15 21:46:01 4223008 ----a-w- c:\windows\system32\NVStWiz.exe
2011-12-14 18:09:22 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-14 18:09:19 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-12-14 18:09:19 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-12-14 18:09:16 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-14 17:55:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 17:55:08 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 17:54:21 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 17:54:18 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 17:54:15 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 17:54:15 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 17:53:58 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-12-08 18:26:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 11:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 18:17:36.16 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-30 19:15:19
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3200822A rev.3.01
Running: 7xk5124o.exe; Driver: C:\Users\FRESHA~1\AppData\Local\Temp\fxtyapoc.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8384AD48]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8384AD72]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8384AD5E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8384AD34]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82E34982 5 Bytes JMP 8384AD38 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? C:\Users\FRESHA~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[300] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\svchost.exe[300] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 008B0FDE
.text C:\Windows\system32\svchost.exe[300] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 008B0014
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 00E2008A
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00E20F44
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 00E20F04
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 00E200A5
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 00E20F7A
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00E20FE5
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 00E20FD4
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 00E20F55
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00E20F97
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00E20FC3
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00E20FA8
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00E20040
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00E2006F
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 00E20EF3
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 00E20025
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 00E20000
.text C:\Windows\system32\svchost.exe[300] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 00E20F33
.text C:\Windows\system32\svchost.exe[300] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00890FB7
.text C:\Windows\system32\svchost.exe[300] msvcrt.dll!system 760B804B 5 Bytes JMP 00890042
.text C:\Windows\system32\svchost.exe[300] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 00890FD2
.text C:\Windows\system32\svchost.exe[300] msvcrt.dll!_open 760BD106 5 Bytes JMP 00890FEF
.text C:\Windows\system32\svchost.exe[300] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00890027
.text C:\Windows\system32\svchost.exe[300] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 0089000C
.text C:\Windows\system32\svchost.exe[300] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 008A0FA1
.text C:\Windows\system32\svchost.exe[300] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 008A0FC3
.text C:\Windows\system32\svchost.exe[300] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\svchost.exe[300] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 008A0FB2
.text C:\Windows\system32\svchost.exe[300] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 008A0F90
.text C:\Windows\system32\svchost.exe[300] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 008A0025
.text C:\Windows\system32\svchost.exe[300] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 008A0014
.text C:\Windows\system32\svchost.exe[300] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 008A0FD4
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[340] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 6F4E9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[340] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 6F4E9A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\System32\svchost.exe[456] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00870FEF
.text C:\Windows\System32\svchost.exe[456] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 0087001B
.text C:\Windows\System32\svchost.exe[456] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 0087000A
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 00880F26
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00880F41
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 008800A2
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 00880091
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 0088002C
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00880FDB
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 00880FC0
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 00880062
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00880F52
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00880F8A
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00880F79
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00880FAF
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00880047
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 00880EE6
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 00880011
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 00880000
.text C:\Windows\System32\svchost.exe[456] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 00880F15
.text C:\Windows\System32\svchost.exe[456] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00160F9A
.text C:\Windows\System32\svchost.exe[456] msvcrt.dll!system 760B804B 5 Bytes JMP 00160FB5
.text C:\Windows\System32\svchost.exe[456] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 0016001B
.text C:\Windows\System32\svchost.exe[456] msvcrt.dll!_open 760BD106 5 Bytes JMP 00160000
.text C:\Windows\System32\svchost.exe[456] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00160FC6
.text C:\Windows\System32\svchost.exe[456] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 00160FE3
.text C:\Windows\System32\svchost.exe[456] ADVAPI32.dll!RegCreateKeyExA 776B39AB 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[456] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 006D0FAF
.text C:\Windows\System32\svchost.exe[456] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 006D0051
.text C:\Windows\System32\svchost.exe[456] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 006D0000
.text C:\Windows\System32\svchost.exe[456] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 006D0FCA
.text C:\Windows\System32\svchost.exe[456] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 006D006C
.text C:\Windows\System32\svchost.exe[456] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 006D0FE5
.text C:\Windows\System32\svchost.exe[456] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 006D001B
.text C:\Windows\System32\svchost.exe[456] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 006D0036
.text C:\Windows\System32\svchost.exe[456] WS2_32.dll!socket 761236D1 5 Bytes JMP 006C0FEF
.text C:\Windows\System32\svchost.exe[648] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 001C0000
.text C:\Windows\System32\svchost.exe[648] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 001C0FDB
.text C:\Windows\System32\svchost.exe[648] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 001C001B
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 00210F3E
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00210F63
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 002100B0
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 00210F23
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 00210062
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 0021000A
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 00210025
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 00210084
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00210F94
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00210FAF
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00210051
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00210036
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00210073
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 002100C1
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 00210FD4
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 00210FEF
.text C:\Windows\System32\svchost.exe[648] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 0021009F
.text C:\Windows\System32\svchost.exe[648] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00090F9C
.text C:\Windows\System32\svchost.exe[648] msvcrt.dll!system 760B804B 5 Bytes JMP 00090FB7
.text C:\Windows\System32\svchost.exe[648] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 0009001D
.text C:\Windows\System32\svchost.exe[648] msvcrt.dll!_open 760BD106 5 Bytes JMP 00090FEF
.text C:\Windows\System32\svchost.exe[648] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00090FC8
.text C:\Windows\System32\svchost.exe[648] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 0009000C
.text C:\Windows\System32\svchost.exe[648] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 000B0054
.text C:\Windows\System32\svchost.exe[648] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 000B002F
.text C:\Windows\System32\svchost.exe[648] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 000B0FEF
.text C:\Windows\System32\svchost.exe[648] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 000B0FA8
.text C:\Windows\System32\svchost.exe[648] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 000B0065
.text C:\Windows\System32\svchost.exe[648] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 000B0FCA
.text C:\Windows\System32\svchost.exe[648] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 000B0000
.text C:\Windows\System32\svchost.exe[648] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 000B0FB9
.text C:\Windows\System32\svchost.exe[648] WS2_32.dll!socket 761236D1 5 Bytes JMP 000A0FE5
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 000C0000
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 000C001B
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 000C0FE5
.text C:\Windows\system32\services.exe[656] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 000D00C6
.text C:\Windows\system32\services.exe[656] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 000D00B5
.text C:\Windows\system32\services.exe[656] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 000D00F2
.text C:\Windows\system32\services.exe[656] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 000D00E1
.text C:\Windows\system32\services.exe[656] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 000D009A
.text C:\Windows\system32\services.exe[656] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 000D002C
.text C:\Windows\system32\services.exe[656] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 000D0047
.text C:\Windows\system32\services.exe[656] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 000D0F8A
.text C:\Windows\system32\services.exe[656] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 000D0FC0
.text C:\Windows\system32\services.exe[656] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 000D007D
.text C:\Windows\system32\services.exe[656] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 000D0FDB
.text C:\Windows\system32\services.exe[656] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 000D006C
.text C:\Windows\system32\services.exe[656] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 000D0F9B
.text C:\Windows\system32\services.exe[656] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 000D0F4A
.text C:\Windows\system32\services.exe[656] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 000D001B
.text C:\Windows\system32\services.exe[656] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 000D0000
.text C:\Windows\system32\services.exe[656] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 000D0F65
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!RegCreateKeyExA 776B39AB 1 Byte [E9]
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 00670FAF
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 00670051
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 0067000A
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00670FC0
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 00670F9E
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 00670FE5
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 0067001B
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00670040
.text C:\Windows\system32\services.exe[656] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 000E0053
.text C:\Windows\system32\services.exe[656] msvcrt.dll!system 760B804B 5 Bytes JMP 000E0042
.text C:\Windows\system32\services.exe[656] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 000E0FE3
.text C:\Windows\system32\services.exe[656] msvcrt.dll!_open 760BD106 5 Bytes JMP 000E0000
.text C:\Windows\system32\services.exe[656] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 000E0FD2
.text C:\Windows\system32\services.exe[656] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 000E0011
.text C:\Windows\system32\services.exe[656] WS2_32.dll!socket 761236D1 5 Bytes JMP 000F0000
.text C:\Windows\system32\services.exe[656] WININET.dll!InternetOpenA 77864E3C 5 Bytes JMP 00680FEF
.text C:\Windows\system32\services.exe[656] WININET.dll!InternetOpenUrlA 7786BFDE 5 Bytes JMP 0068000A
.text C:\Windows\system32\services.exe[656] WININET.dll!InternetOpenW 7789C126 5 Bytes JMP 00680FD4
.text C:\Windows\system32\services.exe[656] WININET.dll!InternetOpenUrlW 778CD8D2 5 Bytes JMP 00680025
.text C:\Windows\system32\lsass.exe[672] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 000B0FEF
.text C:\Windows\system32\lsass.exe[672] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 000B0025
.text C:\Windows\system32\lsass.exe[672] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 000B0014
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 000C0F40
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 000C0F51
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 000C00B2
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 000C00A1
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 000C0F84
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 000C0FDE
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 000C0FCD
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 000C0F62
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 000C0FAB
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 000C005E
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 000C0FBC
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 000C0039
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 000C0F73
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 000C0F00
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 000C0014
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 000C0F25
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 00900F7C
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 00900F97
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 00900FEF
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 0090001E
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 00900F6B
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 00900FC3
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 00900FD4
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00900FB2
.text C:\Windows\system32\lsass.exe[672] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 000D0FB2
.text C:\Windows\system32\lsass.exe[672] msvcrt.dll!system 760B804B 5 Bytes JMP 000D003D
.text C:\Windows\system32\lsass.exe[672] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 000D0022
.text C:\Windows\system32\lsass.exe[672] msvcrt.dll!_open 760BD106 5 Bytes JMP 000D0FEF
.text C:\Windows\system32\lsass.exe[672] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 000D0FCD
.text C:\Windows\system32\lsass.exe[672] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 000D0FDE
.text C:\Windows\system32\lsass.exe[672] WS2_32.dll!socket 761236D1 5 Bytes JMP 008B0000
.text C:\Windows\system32\lsass.exe[672] WININET.dll!InternetOpenA 77864E3C 5 Bytes JMP 0091000A
.text C:\Windows\system32\lsass.exe[672] WININET.dll!InternetOpenUrlA 7786BFDE 5 Bytes JMP 0091002F
.text C:\Windows\system32\lsass.exe[672] WININET.dll!InternetOpenW 7789C126 5 Bytes JMP 00910FEF
.text C:\Windows\system32\lsass.exe[672] WININET.dll!InternetOpenUrlW 778CD8D2 5 Bytes JMP 00910FDE
.text C:\Windows\System32\ping.exe[780] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 0094000A
.text C:\Windows\System32\ping.exe[780] ntdll.dll!NtCreateProcessEx 779C42F4 5 Bytes JMP 0095000A
.text C:\Windows\System32\ping.exe[780] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 0072000A
.text C:\Windows\System32\ping.exe[780] ntdll.dll!NtWriteVirtualMemory 779C54C4 5 Bytes JMP 0077000A
.text C:\Windows\System32\ping.exe[780] ntdll.dll!NtCreateUserProcess 779C5654 5 Bytes JMP 0096000A
.text C:\Windows\System32\ping.exe[780] ntdll.dll!KiUserExceptionDispatcher 779C5BF8 5 Bytes JMP 001E000A
.text C:\Windows\System32\ping.exe[780] USER32.dll!WindowFromPoint 7620884F 5 Bytes JMP 00EA000A
.text C:\Windows\System32\ping.exe[780] USER32.dll!GetForegroundWindow 762132C4 5 Bytes JMP 00EB000A
.text C:\Windows\System32\ping.exe[780] USER32.dll!GetCursorPos 76220B88 5 Bytes JMP 00E7000A
.text C:\Windows\System32\ping.exe[780] ole32.dll!CoCreateInstance 76579F3E 5 Bytes JMP 00D2000A
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00160FEF
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 00160025
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 0016000A
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 00170F28
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00170F4D
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 00170EF5
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 00170F06
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 00170067
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00170FE5
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 00170036
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 00170F5E
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00170F8D
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00170FAF
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00170F9E
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00170FC0
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00170078
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 00170EE4
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 0017001B
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 00170000
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 00170F17
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00180FC8
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!system 760B804B 5 Bytes JMP 00180FD9
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 0018002E
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_open 760BD106 5 Bytes JMP 00180000
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00180053
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 00180011
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 001A006F
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 001A004A
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 001A0FC3
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 001A0FA8
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 001A002F
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 001A0014
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 001A0FDE
.text C:\Windows\system32\svchost.exe[868] WS2_32.dll!socket 761236D1 5 Bytes JMP 0019000A
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00870FEF
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 00870FB9
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 00870FD4
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 00880F4E
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00880094
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 00880F0E
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 00880F29
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 00880079
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00880FC3
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 0088001E
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 00880F69
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00880F95
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 0088004A
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00880FB2
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 0088002F
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00880F84
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 008800C0
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 00880FDE
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 00880FEF
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 008800A5
.text C:\Windows\system32\svchost.exe[940] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 0089004E
.text C:\Windows\system32\svchost.exe[940] msvcrt.dll!system 760B804B 5 Bytes JMP 00890FC3
.text C:\Windows\system32\svchost.exe[940] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 00890029
.text C:\Windows\system32\svchost.exe[940] msvcrt.dll!_open 760BD106 5 Bytes JMP 00890FEF
.text C:\Windows\system32\svchost.exe[940] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00890FDE
.text C:\Windows\system32\svchost.exe[940] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 0089000C
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 0091005B
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 00910040
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 00910FEF
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00910FB9
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 0091006C
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 00910FDE
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 0091000A
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00910025
.text C:\Windows\system32\svchost.exe[940] WS2_32.dll!socket 761236D1 5 Bytes JMP 008A0FE5
.text C:\Windows\system32\svchost.exe[940] WININET.dll!InternetOpenA 77864E3C 5 Bytes JMP 00920FEF
.text C:\Windows\system32\svchost.exe[940] WININET.dll!InternetOpenUrlA 7786BFDE 5 Bytes JMP 0092001B
.text C:\Windows\system32\svchost.exe[940] WININET.dll!InternetOpenW 7789C126 5 Bytes JMP 0092000A
.text C:\Windows\system32\svchost.exe[940] WININET.dll!InternetOpenUrlW 778CD8D2 5 Bytes JMP 00920FCA
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 01040FEF
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 01040FC3
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 01040FD4
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 010500E1
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 010500D0
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 01050117
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 01050F80
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 010500A4
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 01050036
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 01050FEF
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 01050FA5
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 01050087
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 01050076
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 01050FCA
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 0105005B
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 010500B5
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 01050128
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 01050025
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 0105000A
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 010500FC
.text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00DC0F9C
.text C:\Windows\System32\svchost.exe[972] msvcrt.dll!system 760B804B 5 Bytes JMP 00DC0027
.text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 00DC0FD2
.text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_open 760BD106 5 Bytes JMP 00DC0FEF
.text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00DC0FB7
.text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 00DC000C
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 00DD0F8A
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 00DD002C
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 00DD0000
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00DD0FAF
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 00DD0F6F
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 00DD001B
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 00DD0FE5
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00DD0FC0
.text C:\Windows\System32\svchost.exe[972] WS2_32.dll!socket 761236D1 5 Bytes JMP 01070FE5
.text C:\Windows\System32\svchost.exe[972] WININET.dll!InternetOpenA 77864E3C 5 Bytes JMP 01F70FE5
.text C:\Windows\System32\svchost.exe[972] WININET.dll!InternetOpenUrlA 7786BFDE 5 Bytes JMP 01F70014
.text C:\Windows\System32\svchost.exe[972] WININET.dll!InternetOpenW 7789C126 5 Bytes JMP 01F70FD4
.text C:\Windows\System32\svchost.exe[972] WININET.dll!InternetOpenUrlW 778CD8D2 5 Bytes JMP 01F70FC3
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00D10000
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 00D10FD4
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 00D10FEF
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 00D60F52
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00D60F6D
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 00D600C4
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 00D60F37
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 00D6006C
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00D60025
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 00D60040
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 00D600A2
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00D6005B
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00D60FB9
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00D60FA8
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00D60FD4
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00D60087
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 00D600D5
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 00D6000A
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 00D60FEF
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 00D600B3
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00D80FAD
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!system 760B804B 5 Bytes JMP 00D80FBE
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 00D80FD9
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_open 760BD106 5 Bytes JMP 00D80000
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00D8002E
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 00D8001D
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 00970036
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 00970FAF
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 00970000
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00970F94
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 00970F6F
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 00970011
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 00970FE5
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00970FC0
.text C:\Windows\System32\svchost.exe[1056] WS2_32.dll!socket 761236D1 5 Bytes JMP 00DD0000
.text C:\Windows\System32\svchost.exe[1056] WININET.dll!InternetOpenA 77864E3C 5 Bytes JMP 01590000
.text C:\Windows\System32\svchost.exe[1056] WININET.dll!InternetOpenUrlA 7786BFDE 5 Bytes JMP 01590025
.text C:\Windows\System32\svchost.exe[1056] WININET.dll!InternetOpenW 7789C126 5 Bytes JMP 01590FE5
.text C:\Windows\System32\svchost.exe[1056] WININET.dll!InternetOpenUrlW 778CD8D2 5 Bytes JMP 01590FCA
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00F90000
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 00F9001B
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 00F90FE5
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtWriteVirtualMemory 779C54C4 5 Bytes JMP 00AB000A
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!KiUserExceptionDispatcher 779C5BF8 5 Bytes JMP 00A5000A
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 00FA00A2
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00FA0F5C
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 00FA00CE
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 00FA00BD
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 00FA0F77
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00FA0FDB
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 00FA0FCA
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 00FA0087
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00FA0F94
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00FA0047
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00FA0FA5
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00FA0036
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00FA006C
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 00FA00E9
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 00FA0011
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 00FA0000
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 00FA0F41
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00FF0058
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!system 760B804B 5 Bytes JMP 00FF003D
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 00FF0022
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_open 760BD106 5 Bytes JMP 00FF0FEF
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00FF0FCD
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 00FF0FDE
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 776B39AB 3 Bytes JMP 00F70FD4
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA + 4 776B39AF 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 776B3BA9 3 Bytes JMP 00F7005B
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA + 4 776B3BAD 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 776B89C7 3 Bytes JMP 00F70000
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA + 4 776B89CB 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00F70076
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 00F7009B
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 00F70FEF
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 00F7001B
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00F70040
.text C:\Windows\system32\svchost.exe[1084] WS2_32.dll!socket 761236D1 5 Bytes JMP 0134000A
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenA 77864E3C 5 Bytes JMP 00F80000
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenUrlA 7786BFDE 5 Bytes JMP 00F80FDE
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenW 7789C126 5 Bytes JMP 00F80FEF
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenUrlW 778CD8D2 5 Bytes JMP 00F80FC3
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00220FE5
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 00220014
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 00220FD4
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 002300B8
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00230F68
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 002300C9
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 00230F32
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 0023005D
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00230FEF
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 00230FDE
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 00230093
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00230F83
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00230040
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00230F94
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00230FB9
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00230082
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 00230F17
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 0023001B
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 00230F57
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00240FA6
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!system 760B804B 5 Bytes JMP 00240FB7
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 00240016
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_open 760BD106 5 Bytes JMP 00240FEF
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00240027
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 00240FD2
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 00210069
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 00210058
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 0021000A
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00210FD1
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 00210FAC
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 00210036
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 0021001B
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00210047
.text C:\Windows\system32\svchost.exe[1240] WS2_32.dll!socket 761236D1 5 Bytes JMP 00290FE5
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 008D0FCD
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 008D0FDE
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 008E00A4
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 008E0F5E
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 008E0F21
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 008E0F3C
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 008E007F
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 008E0036
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 008E0FE5
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 008E0F79
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 008E0062
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 008E0051
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 008E0FA5
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 008E0FCA
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 008E0F8A
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 008E0F06
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 008E001B
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 008E0000
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 008E0F4D
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 008A0FA6
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!system 760B804B 5 Bytes JMP 008A0FB7
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 008A001D
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_open 760BD106 5 Bytes JMP 008A0FE3
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 008A0FD2
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 008A0000
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 008C005B
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 008C004A
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 008C0000
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 008C0FC3
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 008C006C
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 008C0FDE
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 008C0FEF
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 008C002F
.text C:\Windows\system32\svchost.exe[1256] WS2_32.dll!socket 761236D1 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\svchost.exe[1292] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\svchost.exe[1292] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 008A0FC3
.text C:\Windows\system32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 008A0FDE
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 008B00AC
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 008B0091
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 008B0F26
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 008B0F41
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 008B0F81
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 008B0FCA
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 008B0FB9
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 008B0080
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 008B005B
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 008B0040
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 008B0F9E
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 008B002F
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 008B0F66
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 008B00D8
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 008B0000
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 008B0FE5
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 008B00BD
.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00A50042
.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!system 760B804B 5 Bytes JMP 00A50FAD
.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 00A50FD2
.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_open 760BD106 5 Bytes JMP 00A50000
.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00A50027
.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 00A50FE3
.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 00880051
.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 00880FB9
.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 00880000
.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00880040
.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 0088006C
.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 00880FE5
.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 0088001B
.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00880FCA
.text C:\Windows\system32\svchost.exe[1292] WS2_32.dll!socket 761236D1 5 Bytes JMP 00A60000
.text C:\Windows\system32\svchost.exe[1292] WININET.dll!InternetOpenA 77864E3C 5 Bytes JMP 0089000A
.text C:\Windows\system32\svchost.exe[1292] WININET.dll!InternetOpenUrlA 7786BFDE 5 Bytes JMP 00890FE5
.text C:\Windows\system32\svchost.exe[1292] WININET.dll!InternetOpenW 7789C126 5 Bytes JMP 0089001B
.text C:\Windows\system32\svchost.exe[1292] WININET.dll!InternetOpenUrlW 778CD8D2 5 Bytes JMP 00890FD4
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00AD0FEF
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 00AD000A
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 00AD0FD4
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 00AF00DA
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00AF0F8A
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 00AF0F65
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 00AF0106
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 00AF00A4
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00AF0FDB
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 00AF0036
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 00AF00BF
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00AF0FC0
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00AF0062
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00AF007D
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00AF0051
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00AF0FAF
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 00AF0F54
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 00AF001B
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 00AF0000
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 00AF00EB
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00B00F95
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!system 760B804B 5 Bytes JMP 00B00FB0
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 00B00FC1
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_open 760BD106 5 Bytes JMP 00B00FEF
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00B00016
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 00B00FDE
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 00AB0076
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 00AB0FD4
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 00AB0000
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00AB0065
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 00AB0FB9
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 00AB0036
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 00AB001B
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00AB0FE5
.text C:\Windows\system32\svchost.exe[1468] WS2_32.dll!socket 761236D1 5 Bytes JMP 00AA000A
.text C:\Windows\system32\svchost.exe[1468] WININET.dll!InternetOpenA 77864E3C 5 Bytes JMP 00AC0FEF
.text C:\Windows\system32\svchost.exe[1468] WININET.dll!InternetOpenUrlA 7786BFDE 5 Bytes JMP 00AC0025
.text C:\Windows\system32\svchost.exe[1468] WININET.dll!InternetOpenW 7789C126 5 Bytes JMP 00AC0014
.text C:\Windows\system32\svchost.exe[1468] WININET.dll!InternetOpenUrlW 778CD8D2 5 Bytes JMP 00AC0036
.text C:\Windows\System32\svchost.exe[1788] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00070000
.text C:\Windows\System32\svchost.exe[1788] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 00070FE5
.text C:\Windows\System32\svchost.exe[1788] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 0007001B
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 00080087
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00080F37
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 000800BD
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 00080F26
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 0008002C
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00080FC0
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 00080011
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 00080062
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00080F52
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00080F94
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00080F6F
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00080FA5
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00080047
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 000800D8
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 00080FE5
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 00080000
.text C:\Windows\System32\svchost.exe[1788] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 00080098
.text C:\Windows\System32\svchost.exe[1788] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00050FAB
.text C:\Windows\System32\svchost.exe[1788] msvcrt.dll!system 760B804B 5 Bytes JMP 00050FC6
.text C:\Windows\System32\svchost.exe[1788] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 00050011
.text C:\Windows\System32\svchost.exe[1788] msvcrt.dll!_open 760BD106 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[1788] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00050036
.text C:\Windows\System32\svchost.exe[1788] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 00050FD7
.text C:\Windows\System32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 0006008E
.text C:\Windows\System32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 00060062
.text C:\Windows\System32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 0006000A
.text C:\Windows\System32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00060073
.text C:\Windows\System32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 000600A9
.text C:\Windows\System32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 00060036
.text C:\Windows\System32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 0006001B
.text C:\Windows\System32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00060047
.text C:\Windows\System32\svchost.exe[1788] WS2_32.dll!socket 761236D1 5 Bytes JMP 001F0FE5
.text C:\Windows\system32\svchost.exe[1924] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[1924] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 00070FE5
.text C:\Windows\system32\svchost.exe[1924] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 0007001B
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 000800AE
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00080F68
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 000800E1
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 000800D0
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 00080F8D
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00080FDE
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 0008002F
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 0008009D
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00080065
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00080FB9
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00080FA8
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00080040
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00080082
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 00080F39
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!CreateFileW 77ADB0EB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 00080FEF
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 00080000
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 000800BF
.text C:\Windows\system32\svchost.exe[1924] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00370044
.text C:\Windows\system32\svchost.exe[1924] msvcrt.dll!system 760B804B 5 Bytes JMP 00370FC3
.text C:\Windows\system32\svchost.exe[1924] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 00370FDE
.text C:\Windows\system32\svchost.exe[1924] msvcrt.dll!_open 760BD106 5 Bytes JMP 00370FEF
.text C:\Windows\system32\svchost.exe[1924] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00370033
.text C:\Windows\system32\svchost.exe[1924] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 00370018
.text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 00060062
.text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 00060047
.text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 00060FE5
.text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00060FC0
.text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 00060FA5
.text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 0006001B
.text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 0006002C
.text C:\Windows\system32\svchost.exe[1924] WS2_32.dll!socket 761236D1 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[1940] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00960000
.text C:\Windows\System32\svchost.exe[1940] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 00960FDE
.text C:\Windows\System32\svchost.exe[1940] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 00960FEF
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 00970067
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00970F21
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 00970EF5
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 00970F10
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 00970F3C
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00970FCA
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 00970FAF
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 0097004C
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00970F57
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00970F79
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00970F68
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00970F94
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00970031
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 009700A7
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 00970FE5
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 00970000
.text C:\Windows\System32\svchost.exe[1940] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 0097008C
.text C:\Windows\System32\svchost.exe[1940] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 008B0042
.text C:\Windows\System32\svchost.exe[1940] msvcrt.dll!system 760B804B 5 Bytes JMP 008B001D
.text C:\Windows\System32\svchost.exe[1940] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 008B000C
.text C:\Windows\System32\svchost.exe[1940] msvcrt.dll!_open 760BD106 5 Bytes JMP 008B0FEF
.text C:\Windows\System32\svchost.exe[1940] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 008B0FAD
.text C:\Windows\System32\svchost.exe[1940] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 008B0FD2
.text C:\Windows\System32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 0095004A
.text C:\Windows\System32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 0095002F
.text C:\Windows\System32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 00950FEF
.text C:\Windows\System32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00950FA8
.text C:\Windows\System32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 00950065
.text C:\Windows\System32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 0095000A
.text C:\Windows\System32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 00950FD4
.text C:\Windows\System32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00950FB9
.text C:\Windows\System32\svchost.exe[1940] WS2_32.dll!socket 761236D1 5 Bytes JMP 008C0000
.text C:\Windows\system32\svchost.exe[2380] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00D50FEF
.text C:\Windows\system32\svchost.exe[2380] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 00D50FCA
.text C:\Windows\system32\svchost.exe[2380] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 00D50000
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 01100F3A
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 01100F4B
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 01100EF3
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 01100F04
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 01100065
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 0110000A
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 0110002F
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 01100F66
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 01100F97
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 01100FA8
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 0110004A
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 01100FC3
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 01100076
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 0110009B
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 01100FDE
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 01100FEF
.text C:\Windows\system32\svchost.exe[2380] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 01100F1F
.text C:\Windows\system32\svchost.exe[2380] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 008F002F
.text C:\Windows\system32\svchost.exe[2380] msvcrt.dll!system 760B804B 5 Bytes JMP 008F001E
.text C:\Windows\system32\svchost.exe[2380] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 008F0FB5
.text C:\Windows\system32\svchost.exe[2380] msvcrt.dll!_open 760BD106 5 Bytes JMP 008F0FE3
.text C:\Windows\system32\svchost.exe[2380] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 008F0FA4
.text C:\Windows\system32\svchost.exe[2380] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 008F0FC6
.text C:\Windows\system32\svchost.exe[2380] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 00910FC3
.text C:\Windows\system32\svchost.exe[2380] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 0091004A
.text C:\Windows\system32\svchost.exe[2380] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 00910FEF
.text C:\Windows\system32\svchost.exe[2380] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00910065
.text C:\Windows\system32\svchost.exe[2380] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 00910FA8
.text C:\Windows\system32\svchost.exe[2380] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 00910FDE
.text C:\Windows\system32\svchost.exe[2380] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 0091000A
.text C:\Windows\system32\svchost.exe[2380] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 0091002F
.text C:\Windows\system32\svchost.exe[2380] WS2_32.dll!socket 761236D1 5 Bytes JMP 00900FEF
.text C:\Windows\system32\svchost.exe[2380] WININET.dll!InternetOpenA 77864E3C 5 Bytes JMP 00920000
.text C:\Windows\system32\svchost.exe[2380] WININET.dll!InternetOpenUrlA 7786BFDE 5 Bytes JMP 00920FE5
.text C:\Windows\system32\svchost.exe[2380] WININET.dll!InternetOpenW 7789C126 5 Bytes JMP 00920011
.text C:\Windows\system32\svchost.exe[2380] WININET.dll!InternetOpenUrlW 778CD8D2 5 Bytes JMP 0092002C
.text C:\Windows\system32\svchost.exe[2736] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[2736] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 00040FD4
.text C:\Windows\system32\svchost.exe[2736] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 00010F55
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00010F70
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 00010F3A
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 000100D1
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 00010080
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00010014
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 0001002F
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 0001009B
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00010FA8
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 0001004A
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 0001005B
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00010FB9
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00010F81
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 00010F15
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 00010FDE
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 000100B6
.text C:\Windows\system32\svchost.exe[2736] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 0006004C
.text C:\Windows\system32\svchost.exe[2736] msvcrt.dll!system 760B804B 5 Bytes JMP 00060FC1
.text C:\Windows\system32\svchost.exe[2736] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 00060027
.text C:\Windows\system32\svchost.exe[2736] msvcrt.dll!_open 760BD106 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[2736] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00060FD2
.text C:\Windows\system32\svchost.exe[2736] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 00060FE3
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 0007004A
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 0007000A
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 0007005B
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 00070087
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 00070025
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 00070FE5
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00070FD4
.text C:\Windows\system32\svchost.exe[2736] WS2_32.dll!socket 761236D1 5 Bytes JMP 0008000A
.text C:\Windows\system32\svchost.exe[3092] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[3092] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 00040025
.text C:\Windows\system32\svchost.exe[3092] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 00010F23
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00010F48
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 0001009F
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 00010F12
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 00010F63
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00010011
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 0001002C
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 00010073
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 0001003D
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00010F9B
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00010F8A
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00010FB6
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00010058
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 000100BA
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[3092] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 00010084
.text C:\Windows\system32\svchost.exe[3092] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00060067
.text C:\Windows\system32\svchost.exe[3092] msvcrt.dll!system 760B804B 5 Bytes JMP 00060042
.text C:\Windows\system32\svchost.exe[3092] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 0006000C
.text C:\Windows\system32\svchost.exe[3092] msvcrt.dll!_open 760BD106 5 Bytes JMP 00060FE3
.text C:\Windows\system32\svchost.exe[3092] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00060027
.text C:\Windows\system32\svchost.exe[3092] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 00060FD2
.text C:\Windows\system32\svchost.exe[3092] ADVAPI32.dll!RegCreateKeyExA 776B39AB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[3092] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 00070FAF
.text C:\Windows\system32\svchost.exe[3092] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 00070047
.text C:\Windows\system32\svchost.exe[3092] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 0007000A
.text C:\Windows\system32\svchost.exe[3092] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00070FC0
.text C:\Windows\system32\svchost.exe[3092] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 00070F94
.text C:\Windows\system32\svchost.exe[3092] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 0007001B
.text C:\Windows\system32\svchost.exe[3092] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[3092] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 0007002C
.text C:\Windows\system32\svchost.exe[3092] WS2_32.dll!socket 761236D1 5 Bytes JMP 00080FE5
.text C:\Windows\system32\svchost.exe[3092] WININET.dll!InternetOpenA 77864E3C 5 Bytes JMP 0088000A
.text C:\Windows\system32\svchost.exe[3092] WININET.dll!InternetOpenUrlA 7786BFDE 5 Bytes JMP 0088001B
.text C:\Windows\system32\svchost.exe[3092] WININET.dll!InternetOpenW 7789C126 5 Bytes JMP 00880FEF
.text C:\Windows\system32\svchost.exe[3092] WININET.dll!InternetOpenUrlW 778CD8D2 5 Bytes JMP 0088002C
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00040FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 00040FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 00040FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 00010F3C
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00010F4D
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 00010EFC
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 00010F17
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 00010F68
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00010FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 00010FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 00010078
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00010F79
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00010036
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00010F94
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00010025
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 0001005D
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 000100AE
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 0001000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!CreateThread 77ADCB2E 5 Bytes JMP 6BEE7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 00010FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 00010093
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 00150F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 0015002F
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 00150FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00150FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 00150F7C
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 00150FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00150FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!CreateDialogParamW 762072A2 5 Bytes JMP 6C076628 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!GetAsyncKeyState 7620863C 5 Bytes JMP 6BECDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!SetWindowsHookExW 762087AD 5 Bytes JMP 6BF22194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!CallNextHookEx 76208E3B 5 Bytes JMP 6BF47BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!UnhookWindowsHookEx 762098DB 5 Bytes JMP 6BF6EB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!EnableWindow 7620CD8B 5 Bytes JMP 6BF29A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!DefWindowProcA 7620DB88 7 Bytes JMP 6BEE952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!CreateWindowExA 7620DC2A 5 Bytes JMP 6BEF3363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!CreateWindowExW 76211305 5 Bytes JMP 6BF4FF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!GetKeyState 76218CB1 5 Bytes JMP 6BECDC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!DefWindowProcW 762203B4 7 Bytes JMP 6BF47C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!IsDialogMessageW 76220745 5 Bytes JMP 6C076D82 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!CreateDialogParamA 762217AA 5 Bytes JMP 6C0765F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!IsDialogMessage 76221847 2 Bytes JMP 6C076D5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!IsDialogMessage + 3 7622184A 2 Bytes [E5, F5] {IN EAX, 0xf5}
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!CreateDialogIndirectParamA 762226F1 5 Bytes JMP 6C076660 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!CreateDialogIndirectParamW 76229A62 5 Bytes JMP 6C076698 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!SetKeyboardState 76230987 5 Bytes JMP 6C077649 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!DialogBoxParamW 762310B0 5 Bytes JMP 6BE8170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!DialogBoxIndirectParamW 76232EF5 5 Bytes JMP 6C0762BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!SendInput 76232F75 5 Bytes JMP 6C0775F1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!EndDialog 7623326E 5 Bytes JMP 6C07702E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!SetCursorPos 76246FB2 5 Bytes JMP 6C0776CA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!DialogBoxParamA 76248152 5 Bytes JMP 6C076259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!DialogBoxIndirectParamA 7624847D 5 Bytes JMP 6C076323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!MessageBoxIndirectA 7625D4D9 5 Bytes JMP 6C0761E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!MessageBoxIndirectW 7625D5D3 5 Bytes JMP 6C076167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!MessageBoxExA 7625D639 5 Bytes JMP 6C076103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!MessageBoxExW 7625D65D 5 Bytes JMP 6C07609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!keybd_event 7625D972 5 Bytes JMP 6C0775AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00160031
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] msvcrt.dll!system 760B804B 5 Bytes JMP 00160FA6
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 00160FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] msvcrt.dll!_open 760BD106 5 Bytes JMP 00160FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00160016
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 00160FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] SHELL32.dll!SHRestricted + D95 76AD89A8 4 Bytes [CF, 01, DE, 6B]
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] SHELL32.dll!SHRestricted + D9D 76AD89B0 8 Bytes [E0, 61, DD, 6B, 79, F7, DD, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] ole32.dll!OleLoadFromStream 76541E80 5 Bytes JMP 6C076A8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WININET.dll!InternetCloseHandle 7784B7C4 5 Bytes JMP 6B1843D0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WININET.dll!InternetReadFile 7784EA3A 5 Bytes JMP 6B1844F0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WININET.dll!InternetOpenA 77864E3C 5 Bytes JMP 00170000
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WININET.dll!InternetOpenUrlA 7786BFDE 5 Bytes JMP 00170011
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WININET.dll!InternetConnectA 77875556 5 Bytes JMP 6B184790 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WININET.dll!HttpOpenRequestA 77875639 5 Bytes JMP 6B184690 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WININET.dll!InternetOpenW 7789C126 5 Bytes JMP 00170FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WININET.dll!InternetOpenUrlW 778CD8D2 5 Bytes JMP 0017002C
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WS2_32.dll!socket 761236D1 5 Bytes JMP 00A00000
.text C:\Windows\Explorer.EXE[6564] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 0004000A
.text C:\Windows\Explorer.EXE[6564] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 0004002C
.text C:\Windows\Explorer.EXE[6564] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 0004001B
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 00010F44
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 00010F55
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 00010F18
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 000100AF
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 00010F8B
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00010025
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 00010FD4
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 0001008A
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00010065
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00010FB9
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00010FA8
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00010040
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00010F70
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 00010EFD
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!CreateFileW 77ADB0EB 1 Byte [E9]
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 0001000A
.text C:\Windows\Explorer.EXE[6564] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 00010F33
.text C:\Windows\Explorer.EXE[6564] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 00060073
.text C:\Windows\Explorer.EXE[6564] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 00060051
.text C:\Windows\Explorer.EXE[6564] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 00060000
.text C:\Windows\Explorer.EXE[6564] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 00060062
.text C:\Windows\Explorer.EXE[6564] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 0006008E
.text C:\Windows\Explorer.EXE[6564] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 00060025
.text C:\Windows\Explorer.EXE[6564] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 00060FEF
.text C:\Windows\Explorer.EXE[6564] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00060040
.text C:\Windows\Explorer.EXE[6564] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 0007002C
.text C:\Windows\Explorer.EXE[6564] msvcrt.dll!system 760B804B 5 Bytes JMP 0007001B
.text C:\Windows\Explorer.EXE[6564] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 00070000
.text C:\Windows\Explorer.EXE[6564] msvcrt.dll!_open 760BD106 5 Bytes JMP 00070FEF
.text C:\Windows\Explorer.EXE[6564] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 00070FAB
.text C:\Windows\Explorer.EXE[6564] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 00070FC6
.text C:\Windows\Explorer.EXE[6564] WININET.dll!InternetCloseHandle 7784B7C4 5 Bytes JMP 6B1843D0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[6564] WININET.dll!InternetReadFile 7784EA3A 5 Bytes JMP 6B1844F0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[6564] WININET.dll!InternetOpenA 77864E3C 5 Bytes JMP 03AB0FE5
.text C:\Windows\Explorer.EXE[6564] WININET.dll!InternetOpenUrlA 7786BFDE 5 Bytes JMP 03AB0FCA
.text C:\Windows\Explorer.EXE[6564] WININET.dll!InternetConnectA 77875556 5 Bytes JMP 6B184790 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[6564] WININET.dll!HttpOpenRequestA 77875639 5 Bytes JMP 6B184690 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[6564] WININET.dll!InternetOpenW 7789C126 5 Bytes JMP 03AB0000
.text C:\Windows\Explorer.EXE[6564] WININET.dll!InternetOpenUrlW 778CD8D2 5 Bytes JMP 03AB0FB9
.text C:\Windows\Explorer.EXE[6564] WS2_32.dll!socket 761236D1 5 Bytes JMP 03C10FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] ntdll.dll!NtCreateFile 779C4224 5 Bytes JMP 00040FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] ntdll.dll!NtCreateProcess 779C42E4 5 Bytes JMP 00040FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] ntdll.dll!NtProtectVirtualMemory 779C4B84 5 Bytes JMP 00040FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!GetStartupInfoW 77A91929 5 Bytes JMP 000100DA
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!GetStartupInfoA 77A919C9 5 Bytes JMP 000100BF
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!CreateProcessW 77A91BF3 5 Bytes JMP 00010117
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!CreateProcessA 77A91C28 5 Bytes JMP 00010106
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!VirtualProtect 77A91DC3 5 Bytes JMP 00010082
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!CreateNamedPipeA 77A92EF5 5 Bytes JMP 00010FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!CreateNamedPipeW 77A95C0C 5 Bytes JMP 00010036
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!CreatePipe 77AB8F06 5 Bytes JMP 000100A4
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!LoadLibraryExW 77AB927C 5 Bytes JMP 00010067
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!LoadLibraryW 77AB9400 5 Bytes JMP 00010FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!LoadLibraryExA 77AB9554 5 Bytes JMP 00010F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!LoadLibraryA 77AB957C 5 Bytes JMP 00010FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!VirtualProtectEx 77ABDC52 5 Bytes JMP 00010093
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!GetProcAddress 77AD925B 5 Bytes JMP 0001013C
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!CreateFileW 77ADB0EB 5 Bytes JMP 00010025
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!CreateFileA 77ADD07F 5 Bytes JMP 0001000A
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] kernel32.dll!WinExec 77B260CF 5 Bytes JMP 000100EB
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] ADVAPI32.dll!RegCreateKeyExA 776B39AB 5 Bytes JMP 00050F79
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] ADVAPI32.dll!RegCreateKeyA 776B3BA9 5 Bytes JMP 00050F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] ADVAPI32.dll!RegOpenKeyA 776B89C7 5 Bytes JMP 00050FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] ADVAPI32.dll!RegCreateKeyW 776C391E 5 Bytes JMP 0005001B
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] ADVAPI32.dll!RegCreateKeyExW 776C41F1 5 Bytes JMP 00050F5E
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] ADVAPI32.dll!RegOpenKeyExA 776C7C42 5 Bytes JMP 0005000A
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] ADVAPI32.dll!RegOpenKeyW 776CE2B5 5 Bytes JMP 00050FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] ADVAPI32.dll!RegOpenKeyExW 776D7BA1 5 Bytes JMP 00050FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] USER32.dll!EnableWindow 7620CD8B 5 Bytes JMP 6BF29A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] USER32.dll!DialogBoxParamW 762310B0 5 Bytes JMP 6BE8170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] USER32.dll!DialogBoxIndirectParamW 76232EF5 5 Bytes JMP 6C0762BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] USER32.dll!DialogBoxParamA 76248152 5 Bytes JMP 6C076259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] USER32.dll!DialogBoxIndirectParamA 7624847D 5 Bytes JMP 6C076323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] USER32.dll!MessageBoxIndirectA 7625D4D9 5 Bytes JMP 6C0761E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] USER32.dll!MessageBoxIndirectW 7625D5D3 5 Bytes JMP 6C076167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] USER32.dll!MessageBoxExA 7625D639 5 Bytes JMP 6C076103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] USER32.dll!MessageBoxExW 7625D65D 5 Bytes JMP 6C07609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] msvcrt.dll!_wsystem 760B7F2F 5 Bytes JMP 00060053
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] msvcrt.dll!system 760B804B 5 Bytes JMP 00060038
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] msvcrt.dll!_creat 760BBBE1 5 Bytes JMP 00060FC8
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] msvcrt.dll!_open 760BD106 5 Bytes JMP 00060FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] msvcrt.dll!_wcreat 760BD326 5 Bytes JMP 0006001D
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] msvcrt.dll!_wopen 760BD501 5 Bytes JMP 0006000C
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] WININET.dll!InternetOpenA 77864E3C 5 Bytes JMP 00070FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] WININET.dll!InternetOpenUrlA 7786BFDE 5 Bytes JMP 00070FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] WININET.dll!InternetOpenW 7789C126 5 Bytes JMP 00070FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] WININET.dll!InternetOpenUrlW 778CD8D2 5 Bytes JMP 00070014
.text C:\Program Files\Internet Explorer\iexplore.exe[7432] WS2_32.dll!socket 761236D1 5 Bytes JMP 009F0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB23016$\3688710486 0 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860 0 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\@ 2048 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\bckfg.tmp 849 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\cfg.ini 216 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\keywords 116 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\L 0 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\L\qnbwvoto 273408 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\U 0 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB23016$\3931943860\U\80000032.@ 77312 bytes

---- EOF - GMER 1.0.15 ----

#6 Blade81

Bleepin' Rocker

Group: Malware Response Team
Posts: 6,364
Joined: 16-October 06
Gender:Male
Location:Finland

Posted 31 December 2011 - 05:06 AM

Hi

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
Posted Image

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.

#7 loki-process-fix

New Member

Group: Members
Posts: 10
Joined: 23-December 11

Posted 01 January 2012 - 03:48 PM

I printed out the replied instruction & followed them as precise as possible. Now, my pc keeps rebooting & i cannot even get it to start in safe mode with networking. I had to grab my sisters laptop to get this reply in. I can see the combofix starting when I log on, but shortly after it starts (command promt window) it reboots shortly after. I have also noticed that i no longer have any system resore points to choose to go back to.

#8 Blade81

Bleepin' Rocker

Group: Malware Response Team
Posts: 6,364
Joined: 16-October 06
Gender:Male
Location:Finland

Posted 02 January 2012 - 12:58 AM

Hi,

Reboot the system and press F8 before Windows loading screen and select "Disable automatic restart on system failure". See if any error messages is thrown instead of a reboot.

Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
Posted Image

#9 loki-process-fix

New Member

Group: Members
Posts: 10
Joined: 23-December 11

Posted 02 January 2012 - 11:03 AM

BSOD stop: 0x0000000A (0x00000000, 0x00000002, 0x00000001, 0x82E4283C)
It reboots & I am able to log in. I have no internet connection on when it comes on & then combofix window comes up & i get the BSOD. I am not totally sure but I think I got a glimpse of something on the window where combofix was open before the BSOD, think it said zero access, but was fast look before it went off. Uptime on the login to BSOD was not more than 4 minutes.

#10 Blade81

Bleepin' Rocker

Group: Malware Response Team
Posts: 6,364
Joined: 16-October 06
Gender:Male
Location:Finland

Posted 02 January 2012 - 11:08 AM

Hi,

Try to close ComboFix window and see if system stays on without BSODing. If it does do the following:

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
Posted Image

#11 loki-process-fix

New Member

Group: Members
Posts: 10
Joined: 23-December 11

Posted 02 January 2012 - 11:48 AM

i downloaded tdsskiller to a usb drive to transfer it to the pc because the pc has no internet access. I closed combofix as soon as I seen it, but now I keep getting different BSOD occurances. Can this program run is safe mode & still be effective?

#12 Blade81

Bleepin' Rocker

Group: Malware Response Team
Posts: 6,364
Joined: 16-October 06
Gender:Male
Location:Finland

Posted 02 January 2012 - 12:16 PM

Yes, it should run in safe mode too.

Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
Posted Image

#13 loki-process-fix

New Member

Group: Members
Posts: 10
Joined: 23-December 11

Posted 02 January 2012 - 12:33 PM

I ran tdsskiller in safe mode & found zero threats. I also deleted the combofix.exe but I still get a cmd window opening that says combofix. tdss only scanned 276 processes. I found a process in the sys config for combofix & unchecked it in the startup tab. There is one I haven't seen before : item: DSS command is DosOCXPOP32.exe. I unchecked it & restarted the pc....

#14 Blade81

Bleepin' Rocker

Group: Malware Response Team
Posts: 6,364
Joined: 16-October 06
Gender:Male
Location:Finland

Posted 03 January 2012 - 12:29 AM

Hi,

Please see if there's any ComboFix.txt files in c:\ or c:\combofix folder. Post it back if found. If not then let's take another run with ComboFix (download a fresh copy first).

Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
Posted Image

#15 loki-process-fix

New Member

Group: Members
Posts: 10
Joined: 23-December 11

Posted 07 January 2012 - 04:26 PM

sorry i havent replied. I cannot get the pc to stay on. It keeps giving me a BSOD now & reboots. I tried looking for a restore point but it informs me there are none. I also tried the last known good configuration, but it still doesn't work. I guess I'm at a standstill.