discovered Adware-2.5b56.Ink, and can't remove


  • This topic is locked
3 replies to this topic

#1 NightTrain

Posted 16 June 2009 - 02:05 PM

came with Cain and Abel,

McAfee discovered it and can't remove, and it is preventing me from updating McAfee.

The worst part about this is it redirects all web search queries to ad-sites.

I ran the DDS and the logs are attached in a zipped folder.

Any help would be greatly appreciated. Thanks.

....Anything to remove this without having to reinstall my operating system would be great....
I have 1.5 TB of stuff and don't have the adequate hardware to back it up right now!

Thanks in advance.


#2 NightTrain


Posted 16 June 2009 - 05:00 PM

just completed GMER scan, can anyone help with removing these malicious infections?

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-16 16:42:18
Windows 6.0.6001 Service Pack 1


.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW 7635BCE1 5 Bytes JMP 0030006C
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA 7635D4E8 5 Bytes JMP 00300025
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW 76363CB0 5 Bytes JMP 00300FE5
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 7636F09D 5 Bytes JMP 00300FD4
.text C:\Windows\System32\svchost.exe[1124] WININET.dll!InternetOpenA 779B03DD 5 Bytes JMP 00DD0FEF
.text C:\Windows\System32\svchost.exe[1124] WININET.dll!InternetOpenUrlA 779B20A3 5 Bytes JMP 00DD0025
.text C:\Windows\System32\svchost.exe[1124] WININET.dll!InternetOpenW 779B2A58 5 Bytes JMP 00DD000A
.text C:\Windows\System32\svchost.exe[1124] WININET.dll!InternetOpenUrlW 779FB019 5 Bytes JMP 00DD0036
.text C:\Windows\System32\svchost.exe[1124] WS2_32.dll!socket 775636D1 5 Bytes JMP 00930000
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!GetStartupInfoW 77481929 5 Bytes JMP 00960F5E
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!GetStartupInfoA 774819C9 5 Bytes JMP 00960F79
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreateProcessW 77481C01 5 Bytes JMP 009600DA
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreateProcessA 77481C36 5 Bytes JMP 009600C9
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!VirtualProtect 77481DD1 5 Bytes JMP 00960FC0
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreateNamedPipeW 77485C44 5 Bytes JMP 00960036
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 774A30C3 5 Bytes JMP 00960098
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!LoadLibraryW 774A361F 5 Bytes JMP 00960062
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!VirtualProtectEx 774A8D7E 5 Bytes JMP 00960FAF
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!LoadLibraryExA 774A9469 5 Bytes JMP 00960087
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!LoadLibraryA 774A9491 5 Bytes JMP 00960051
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreatePipe 774B0284 5 Bytes JMP 00960F94
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!GetProcAddress 774CB8B6 5 Bytes JMP 00960F1E
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreateFileW 774CCC4E 5 Bytes JMP 00960014
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreateFileA 774CCF71 5 Bytes JMP 00960FEF
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!CreateNamedPipeA 7751430E 5 Bytes JMP 00960025
.text C:\Windows\System32\svchost.exe[1164] kernel32.dll!WinExec 775154FF 5 Bytes JMP 00960F4D
.text C:\Windows\System32\svchost.exe[1164] msvcrt.dll!_wsystem 77428A47 5 Bytes JMP 00950053
.text C:\Windows\System32\svchost.exe[1164] msvcrt.dll!system 77428B63 5 Bytes JMP 00950FC8
.text C:\Windows\System32\svchost.exe[1164] msvcrt.dll!_creat 7742C6F1 5 Bytes JMP 0095001D
.text C:\Windows\System32\svchost.exe[1164] msvcrt.dll!_open 7742DA7E 5 Bytes JMP 0095000C
.text C:\Windows\System32\svchost.exe[1164] msvcrt.dll!_wcreat 7742DC9E 5 Bytes JMP 00950038
.text C:\Windows\System32\svchost.exe[1164] msvcrt.dll!_wopen 7742DE79 5 Bytes JMP 00950FEF
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExA 7634B5E7 5 Bytes JMP 008F0F94
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyA 7634B8AE 5 Bytes JMP 008F002C
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyA 76350BF5 5 Bytes JMP 008F0FEF
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyW 7635B83D 5 Bytes JMP 008F0FAF
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExW 7635BCE1 5 Bytes JMP 008F0051
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExA 7635D4E8 5 Bytes JMP 008F0FD4
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyW 76363CB0 5 Bytes JMP 008F000A
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExW 7636F09D 5 Bytes JMP 008F001B
.text C:\Windows\System32\svchost.exe[1164] WININET.dll!InternetOpenA 779B03DD 5 Bytes JMP 00980000
.text C:\Windows\System32\svchost.exe[1164] WININET.dll!InternetOpenUrlA 779B20A3 5 Bytes JMP 0098002C
.text C:\Windows\System32\svchost.exe[1164] WININET.dll!InternetOpenW 779B2A58 5 Bytes JMP 00980011
.text C:\Windows\System32\svchost.exe[1164] WININET.dll!InternetOpenUrlW 779FB019 5 Bytes JMP 0098003D
.text C:\Windows\System32\svchost.exe[1164] WS2_32.dll!socket 775636D1 5 Bytes JMP 00970FE5
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!GetStartupInfoW 77481929 5 Bytes JMP 01050F50
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!GetStartupInfoA 774819C9 5 Bytes JMP 01050096
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!CreateProcessW 77481C01 5 Bytes JMP 010500C5
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!CreateProcessA 77481C36 5 Bytes JMP 01050F24
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!VirtualProtect 77481DD1 5 Bytes JMP 01050F8D
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!CreateNamedPipeW 77485C44 5 Bytes JMP 01050FD4
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 774A30C3 5 Bytes JMP 01050F9E
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!LoadLibraryW 774A361F 5 Bytes JMP 01050051
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!VirtualProtectEx 774A8D7E 5 Bytes JMP 01050F7C
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExA 774A9469 5 Bytes JMP 01050FAF
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!LoadLibraryA 774A9491 5 Bytes JMP 01050036
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!CreatePipe 774B0284 5 Bytes JMP 01050F6B
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!GetProcAddress 774CB8B6 5 Bytes JMP 01050F13
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!CreateFileW 774CCC4E 5 Bytes JMP 0105000A
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!CreateFileA 774CCF71 5 Bytes JMP 01050FEF
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!CreateNamedPipeA 7751430E 5 Bytes JMP 01050025
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!WinExec 775154FF 5 Bytes JMP 01050F3F
.text C:\Windows\system32\svchost.exe[1208] msvcrt.dll!_wsystem 77428A47 5 Bytes JMP 01040053
.text C:\Windows\system32\svchost.exe[1208] msvcrt.dll!system 77428B63 5 Bytes JMP 01040FC8
.text C:\Windows\system32\svchost.exe[1208] msvcrt.dll!_creat 7742C6F1 5 Bytes JMP 01040027
.text C:\Windows\system32\svchost.exe[1208] msvcrt.dll!_open 7742DA7E 5 Bytes JMP 01040000
.text C:\Windows\system32\svchost.exe[1208] msvcrt.dll!_wcreat 7742DC9E 5 Bytes JMP 01040042
.text C:\Windows\system32\svchost.exe[1208] msvcrt.dll!_wopen 7742DE79 5 Bytes JMP 01040FE3
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExA 7634B5E7 5 Bytes JMP 00DE0040
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyA 7634B8AE 5 Bytes JMP 00DE0FB9
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyA 76350BF5 5 Bytes JMP 00DE0000
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyW 7635B83D 5 Bytes JMP 00DE0F9E
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExW 7635BCE1 5 Bytes JMP 00DE0051
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExA 7635D4E8 5 Bytes JMP 00DE0FCA
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyW 76363CB0 5 Bytes JMP 00DE0FE5
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExW 7636F09D 5 Bytes JMP 00DE0025
.text C:\Windows\system32\svchost.exe[1208] WININET.dll!InternetOpenA 779B03DD 5 Bytes JMP 011B0000
.text C:\Windows\system32\svchost.exe[1208] WININET.dll!InternetOpenUrlA 779B20A3 5 Bytes JMP 011B0022
.text C:\Windows\system32\svchost.exe[1208] WININET.dll!InternetOpenW 779B2A58 5 Bytes JMP 011B0011
.text C:\Windows\system32\svchost.exe[1208] WININET.dll!InternetOpenUrlW 779FB019 5 Bytes JMP 011B0FD1
.text C:\Windows\system32\svchost.exe[1208] WS2_32.dll!socket 775636D1 5 Bytes JMP 010A0000
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoW 77481929 5 Bytes JMP 00D30F3E
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoA 774819C9 5 Bytes JMP 00D30F4F
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateProcessW 77481C01 5 Bytes JMP 00D30F01
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 77481C36 5 Bytes JMP 00D30F1C
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!VirtualProtect 77481DD1 5 Bytes JMP 00D30F7E
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeW 77485C44 5 Bytes JMP 00D30FDB
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExW 774A30C3 5 Bytes JMP 00D30058
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!LoadLibraryW 774A361F 5 Bytes JMP 00D3003D
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!VirtualProtectEx 774A8D7E 5 Bytes JMP 00D30073
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExA 774A9469 5 Bytes JMP 00D30FA5
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!LoadLibraryA 774A9491 5 Bytes JMP 00D30FB6
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreatePipe 774B0284 5 Bytes JMP 00D30084
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetProcAddress 774CB8B6 5 Bytes JMP 00D300B3
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateFileW 774CCC4E 5 Bytes JMP 00D3001B
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateFileA 774CCF71 5 Bytes JMP 00D3000A
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeA 7751430E 5 Bytes JMP 00D3002C
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!WinExec 775154FF 5 Bytes JMP 00D30F2D
.text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_wsystem 77428A47 5 Bytes JMP 00930FAD
.text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!system 77428B63 5 Bytes JMP 00930038
.text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_creat 7742C6F1 5 Bytes JMP 00930FD9
.text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_open 7742DA7E 5 Bytes JMP 0093000C
.text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_wcreat 7742DC9E 5 Bytes JMP 00930FC8
.text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_wopen 7742DE79 5 Bytes JMP 0093001D
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExA 7634B5E7 5 Bytes JMP 006E0F97
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyA 7634B8AE 5 Bytes JMP 006E002F
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyA 76350BF5 5 Bytes JMP 006E000A
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyW 7635B83D 5 Bytes JMP 006E0FA8
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExW 7635BCE1 5 Bytes JMP 006E0F7C
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExA 7635D4E8 5 Bytes JMP 006E0FDE
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyW 76363CB0 5 Bytes JMP 006E0FEF
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExW 7636F09D 5 Bytes JMP 006E0FC3
.text C:\Windows\system32\svchost.exe[1352] WININET.dll!InternetOpenA 779B03DD 5 Bytes JMP 00D90FEF
.text C:\Windows\system32\svchost.exe[1352] WININET.dll!InternetOpenUrlA 779B20A3 5 Bytes JMP 00D90014
.text C:\Windows\system32\svchost.exe[1352] WININET.dll!InternetOpenW 779B2A58 5 Bytes JMP 00D90FDE
.text C:\Windows\system32\svchost.exe[1352] WININET.dll!InternetOpenUrlW 779FB019 5 Bytes JMP 00D9002F
.text C:\Windows\system32\svchost.exe[1352] WS2_32.dll!socket 775636D1 5 Bytes JMP 00D80000
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!GetStartupInfoW 77481929 5 Bytes JMP 017500AE
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!GetStartupInfoA 774819C9 5 Bytes JMP 01750089
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!CreateProcessW 77481C01 5 Bytes JMP 017500EB
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!CreateProcessA 77481C36 5 Bytes JMP 017500D0
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!VirtualProtect 77481DD1 5 Bytes JMP 0175005D
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!CreateNamedPipeW 77485C44 5 Bytes JMP 01750FAF
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!LoadLibraryExW 774A30C3 5 Bytes JMP 01750036
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!LoadLibraryW 774A361F 5 Bytes JMP 01750F83
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!VirtualProtectEx 774A8D7E 5 Bytes JMP 01750F68
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!LoadLibraryExA 774A9469 5 Bytes JMP 0175001B
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!LoadLibraryA 774A9491 5 Bytes JMP 01750F9E
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!CreatePipe 774B0284 5 Bytes JMP 0175006E
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!GetProcAddress 774CB8B6 5 Bytes JMP 01750F39
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!CreateFileW 774CCC4E 5 Bytes JMP 0175000A
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!CreateFileA 774CCF71 5 Bytes JMP 01750FEF
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!CreateNamedPipeA 7751430E 5 Bytes JMP 01750FD4
.text C:\Windows\system32\svchost.exe[1720] kernel32.dll!WinExec 775154FF 5 Bytes JMP 017500BF
.text C:\Windows\system32\svchost.exe[1720] msvcrt.dll!_wsystem 77428A47 5 Bytes JMP 016C002C
.text C:\Windows\system32\svchost.exe[1720] msvcrt.dll!system 77428B63 5 Bytes JMP 016C0FA1
.text C:\Windows\system32\svchost.exe[1720] msvcrt.dll!_creat 7742C6F1 5 Bytes JMP 016C0011
.text C:\Windows\system32\svchost.exe[1720] msvcrt.dll!_open 7742DA7E 5 Bytes JMP 016C0FE3
.text C:\Windows\system32\svchost.exe[1720] msvcrt.dll!_wcreat 7742DC9E 5 Bytes JMP 016C0FBC
.text C:\Windows\system32\svchost.exe[1720] msvcrt.dll!_wopen 7742DE79 5 Bytes JMP 016C0000
.text C:\Windows\system32\svchost.exe[1720] ADVAPI32.dll!RegCreateKeyExA 7634B5E7 5 Bytes JMP 01670F7C
.text C:\Windows\system32\svchost.exe[1720] ADVAPI32.dll!RegCreateKeyA 7634B8AE 5 Bytes JMP 0167001E
.text C:\Windows\system32\svchost.exe[1720] ADVAPI32.dll!RegOpenKeyA 76350BF5 5 Bytes JMP 01670FE5
.text C:\Windows\system32\svchost.exe[1720] ADVAPI32.dll!RegCreateKeyW 7635B83D 5 Bytes JMP 01670F97
.text C:\Windows\system32\svchost.exe[1720] ADVAPI32.dll!RegCreateKeyExW 7635BCE1 5 Bytes JMP 01670F61
.text C:\Windows\system32\svchost.exe[1720] ADVAPI32.dll!RegOpenKeyExA 7635D4E8 5 Bytes JMP 01670FC3
.text C:\Windows\system32\svchost.exe[1720] ADVAPI32.dll!RegOpenKeyW 76363CB0 5 Bytes JMP 01670FD4
.text C:\Windows\system32\svchost.exe[1720] ADVAPI32.dll!RegOpenKeyExW 7636F09D 5 Bytes JMP 01670FA8
.text C:\Windows\system32\svchost.exe[1720] WININET.dll!InternetOpenA 779B03DD 5 Bytes JMP 017B0000
.text C:\Windows\system32\svchost.exe[1720] WININET.dll!InternetOpenUrlA 779B20A3 5 Bytes JMP 017B002C
.text C:\Windows\system32\svchost.exe[1720] WININET.dll!InternetOpenW 779B2A58 5 Bytes JMP 017B001B
.text C:\Windows\system32\svchost.exe[1720] WININET.dll!InternetOpenUrlW 779FB019 5 Bytes JMP 017B0FDB
.text C:\Windows\system32\svchost.exe[1720] WS2_32.dll!socket 775636D1 5 Bytes JMP 017A0FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1788] kernel32.dll!LoadLibraryW 774A361F 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1788] kernel32.dll!LoadLibraryA 774A9491 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!GetStartupInfoW 77481929 5 Bytes JMP 002C00AE
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!GetStartupInfoA 774819C9 5 Bytes JMP 002C0F5E
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CreateProcessW 77481C01 5 Bytes JMP 002C0F28
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CreateProcessA 77481C36 5 Bytes JMP 002C00BF
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!VirtualProtect 77481DD1 5 Bytes JMP 002C0F94
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CreateNamedPipeW 77485C44 5 Bytes JMP 002C0FB9
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!LoadLibraryExW 774A30C3 5 Bytes JMP 002C006E
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!LoadLibraryW 774A361F 5 Bytes JMP 002C0036
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!VirtualProtectEx 774A8D7E 5 Bytes JMP 002C0089
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!LoadLibraryExA 774A9469 5 Bytes JMP 002C0051
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!LoadLibraryA 774A9491 5 Bytes JMP 002C0025
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CreatePipe 774B0284 5 Bytes JMP 002C0F6F
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!GetProcAddress 774CB8B6 5 Bytes JMP 002C0F17
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CreateFileW 774CCC4E 5 Bytes JMP 002C0FDE
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CreateFileA 774CCF71 5 Bytes JMP 002C0FEF
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CreateNamedPipeA 7751430E 5 Bytes JMP 002C000A
.text C:\Windows\system32\svchost.exe[2724] kernel32.dll!WinExec 775154FF 5 Bytes JMP 002C0F4D
.text C:\Windows\system32\svchost.exe[2724] msvcrt.dll!_wsystem 77428A47 5 Bytes JMP 002B007A
.text C:\Windows\system32\svchost.exe[2724] msvcrt.dll!system 77428B63 5 Bytes JMP 002B005F
.text C:\Windows\system32\svchost.exe[2724] msvcrt.dll!_creat 7742C6F1 5 Bytes JMP 002B003A
.text C:\Windows\system32\svchost.exe[2724] msvcrt.dll!_open 7742DA7E 5 Bytes JMP 002B0000
.text C:\Windows\system32\svchost.exe[2724] msvcrt.dll!_wcreat 7742DC9E 5 Bytes JMP 002B0FE5
.text C:\Windows\system32\svchost.exe[2724] msvcrt.dll!_wopen 7742DE79 5 Bytes JMP 002B0029
.text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!RegCreateKeyExA 7634B5E7 5 Bytes JMP 00210076
.text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!RegCreateKeyA 7634B8AE 5 Bytes JMP 00210040
.text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!RegOpenKeyA 76350BF5 5 Bytes JMP 00210000
.text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!RegCreateKeyW 7635B83D 5 Bytes JMP 00210051
.text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!RegCreateKeyExW 7635BCE1 5 Bytes JMP 00210FB9
.text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!RegOpenKeyExA 7635D4E8 5 Bytes JMP 00210FD4
.text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!RegOpenKeyW 76363CB0 5 Bytes JMP 00210FE5
.text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!RegOpenKeyExW 7636F09D 5 Bytes JMP 0021002F
.text C:\Windows\system32\svchost.exe[2724] WININET.dll!InternetOpenA 779B03DD 5 Bytes JMP 00870000
.text C:\Windows\system32\svchost.exe[2724] WININET.dll!InternetOpenUrlA 779B20A3 5 Bytes JMP 0087002C
.text C:\Windows\system32\svchost.exe[2724] WININET.dll!InternetOpenW 779B2A58 5 Bytes JMP 00870011
.text C:\Windows\system32\svchost.exe[2724] WININET.dll!InternetOpenUrlW 779FB019 5 Bytes JMP 00870FDB
.text C:\Windows\system32\svchost.exe[2724] WS2_32.dll!socket 775636D1 5 Bytes JMP 0086000A
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!GetStartupInfoW 77481929 5 Bytes JMP 00A30F59
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!GetStartupInfoA 774819C9 5 Bytes JMP 00A300A9
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!CreateProcessW 77481C01 5 Bytes JMP 00A300D5
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!CreateProcessA 77481C36 5 Bytes JMP 00A30F3E
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!VirtualProtect 77481DD1 5 Bytes JMP 00A30F7E
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!CreateNamedPipeW 77485C44 5 Bytes JMP 00A30FD1
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!LoadLibraryExW 774A30C3 5 Bytes JMP 00A30058
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!LoadLibraryW 774A361F 5 Bytes JMP 00A3003D
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!VirtualProtectEx 774A8D7E 5 Bytes JMP 00A30069
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!LoadLibraryExA 774A9469 5 Bytes JMP 00A30F9B
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!LoadLibraryA 774A9491 5 Bytes JMP 00A30FC0
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!CreatePipe 774B0284 5 Bytes JMP 00A30084
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!GetProcAddress 774CB8B6 5 Bytes JMP 00A300E6
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!CreateFileW 774CCC4E 5 Bytes JMP 00A3001B
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!CreateFileA 774CCF71 5 Bytes JMP 00A3000A
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!CreateNamedPipeA 7751430E 5 Bytes JMP 00A3002C
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!WinExec 775154FF 5 Bytes JMP 00A300BA
.text C:\Windows\system32\svchost.exe[2756] msvcrt.dll!_wsystem 77428A47 5 Bytes JMP 009E0042
.text C:\Windows\system32\svchost.exe[2756] msvcrt.dll!system 77428B63 5 Bytes JMP 009E0027
.text C:\Windows\system32\svchost.exe[2756] msvcrt.dll!_creat 7742C6F1 5 Bytes JMP 009E0FC1
.text C:\Windows\system32\svchost.exe[2756] msvcrt.dll!_open 7742DA7E 5 Bytes JMP 009E0FEF
.text C:\Windows\system32\svchost.exe[2756] msvcrt.dll!_wcreat 7742DC9E 5 Bytes JMP 009E000C
.text C:\Windows\system32\svchost.exe[2756] msvcrt.dll!_wopen 7742DE79 5 Bytes JMP 009E0FDE
.text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!RegCreateKeyExA 7634B5E7 5 Bytes JMP 00990FAC
.text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!RegCreateKeyA 7634B8AE 5 Bytes JMP 00990047
.text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!RegOpenKeyA 76350BF5 5 Bytes JMP 00990000
.text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!RegCreateKeyW 7635B83D 5 Bytes JMP 00990058
.text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!RegCreateKeyExW 7635BCE1 5 Bytes JMP 00990069
.text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!RegOpenKeyExA 7635D4E8 5 Bytes JMP 00990011
.text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!RegOpenKeyW 76363CB0 5 Bytes JMP 00990FE5
.text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!RegOpenKeyExW 7636F09D 5 Bytes JMP 00990022
.text C:\Windows\system32\svchost.exe[2756] WININET.dll!InternetOpenA 779B03DD 5 Bytes JMP 00A9000A
.text C:\Windows\system32\svchost.exe[2756] WININET.dll!InternetOpenUrlA 779B20A3 5 Bytes JMP 00A90025
.text C:\Windows\system32\svchost.exe[2756] WININET.dll!InternetOpenW 779B2A58 5 Bytes JMP 00A90FEF
.text C:\Windows\system32\svchost.exe[2756] WININET.dll!InternetOpenUrlW 779FB019 5 Bytes JMP 00A90040
.text C:\Windows\system32\svchost.exe[2756] WS2_32.dll!socket 775636D1 5 Bytes JMP 00A40000
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!GetStartupInfoW 77481929 5 Bytes JMP 00210F39
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!GetStartupInfoA 774819C9 5 Bytes JMP 00210F54
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!CreateProcessW 77481C01 5 Bytes JMP 00210F14
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!CreateProcessA 77481C36 5 Bytes JMP 002100B5
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!VirtualProtect 77481DD1 5 Bytes JMP 00210053
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!CreateNamedPipeW 77485C44 5 Bytes JMP 00210000
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!LoadLibraryExW 774A30C3 5 Bytes JMP 00210F6F
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!LoadLibraryW 774A361F 5 Bytes JMP 00210F8A
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!VirtualProtectEx 774A8D7E 5 Bytes JMP 00210064
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!LoadLibraryExA 774A9469 5 Bytes JMP 0021002C
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!LoadLibraryA 774A9491 5 Bytes JMP 00210011
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!CreatePipe 774B0284 5 Bytes JMP 00210089
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!GetProcAddress 774CB8B6 5 Bytes JMP 002100C6
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!CreateFileW 774CCC4E 5 Bytes JMP 00210FD4
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!CreateFileA 774CCF71 5 Bytes JMP 00210FE5
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!CreateNamedPipeA 7751430E 5 Bytes JMP 00210FAF
.text C:\Windows\System32\svchost.exe[2784] kernel32.dll!WinExec 775154FF 5 Bytes JMP 0021009A
.text C:\Windows\System32\svchost.exe[2784] msvcrt.dll!_wsystem 77428A47 5 Bytes JMP 00120053
.text C:\Windows\System32\svchost.exe[2784] msvcrt.dll!system 77428B63 5 Bytes JMP 00120FBE
.text C:\Windows\System32\svchost.exe[2784] msvcrt.dll!_creat 7742C6F1 5 Bytes JMP 0012002E
.text C:\Windows\System32\svchost.exe[2784] msvcrt.dll!_open 7742DA7E 5 Bytes JMP 00120000
.text C:\Windows\System32\svchost.exe[2784] msvcrt.dll!_wcreat 7742DC9E 5 Bytes JMP 00120FCF
.text C:\Windows\System32\svchost.exe[2784] msvcrt.dll!_wopen 7742DE79 5 Bytes JMP 00120011
.text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!RegCreateKeyExA 7634B5E7 5 Bytes JMP 00110043
.text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!RegCreateKeyA 7634B8AE 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!RegCreateKeyA 7634B8AE 5 Bytes JMP 00110FB2
.text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!RegOpenKeyA 76350BF5 5 Bytes JMP 00110FEF
.text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!RegCreateKeyW 7635B83D 5 Bytes JMP 00110FA1
.text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!RegCreateKeyExW 7635BCE1 5 Bytes JMP 00110054
.text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!RegOpenKeyExA 7635D4E8 5 Bytes JMP 00110FCD
.text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!RegOpenKeyW 76363CB0 5 Bytes JMP 00110FDE
.text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!RegOpenKeyExW 7636F09D 5 Bytes JMP 0011001E
.text C:\Windows\System32\svchost.exe[2784] WININET.dll!InternetOpenA 779B03DD 5 Bytes JMP 00870000
.text C:\Windows\System32\svchost.exe[2784] WININET.dll!InternetOpenUrlA 779B20A3 5 Bytes JMP 00870036
.text C:\Windows\System32\svchost.exe[2784] WININET.dll!InternetOpenW 779B2A58 5 Bytes JMP 0087001B
.text C:\Windows\System32\svchost.exe[2784] WININET.dll!InternetOpenUrlW 779FB019 5 Bytes JMP 00870FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!GetStartupInfoW 77481929 5 Bytes JMP 00020098
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!GetStartupInfoA 774819C9 5 Bytes JMP 00020087
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!CreateProcessW 77481C01 5 Bytes JMP 000200E2
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!CreateProcessA 77481C36 5 Bytes JMP 00020F41
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!VirtualProtect 77481DD1 5 Bytes JMP 00020F81
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!CreateNamedPipeW 77485C44 5 Bytes JMP 00020FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!LoadLibraryExW 774A30C3 5 Bytes JMP 00020F92
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!LoadLibraryW 774A361F 5 Bytes JMP 00020040
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!VirtualProtectEx 774A8D7E 5 Bytes JMP 0002006C
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!LoadLibraryExA 774A9469 5 Bytes JMP 0002005B
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!LoadLibraryA 774A9491 5 Bytes JMP 0002002F
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!CreatePipe 774B0284 5 Bytes JMP 00020F5C
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!GetProcAddress 774CB8B6 5 Bytes JMP 000200F3
.text C:\Program Files\Internet Explorer\iexplore.exe[4860] kernel32.dll!CreateFileW 774CCC4E 5 Bytes JMP 00020FDE

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gxvxcgfuimworsobcmegldxrukhvuwbvpfytr.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [872] 0x10000000
Library \\?\globalroot\systemroot\system32\gxvxcxkxdhbmbvhtkmlmujmicolaqcbuokpwb.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [1644] 0x10000000
Library \\?\globalroot\systemroot\system32\gxvxcxkxdhbmbvhtkmlmujmicolaqcbuokpwb.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [4860] 0x10000000
Library \\?\globalroot\systemroot\system32\gxvxcxkxdhbmbvhtkmlmujmicolaqcbuokpwb.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [5352] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\gxvxcydqshncoiwkamecqldnkgjuebotaadfc.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcydqshncoiwkamecqldnkgjuebotaadfc.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcydqshncoiwkamecqldnkgjuebotaadfc.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcgfuimworsobcmegldxrukhvuwbvpfytr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcxkxdhbmbvhtkmlmujmicolaqcbuokpwb.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcydqshncoiwkamecqldnkgjuebotaadfc.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcydqshncoiwkamecqldnkgjuebotaadfc.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcgfuimworsobcmegldxrukhvuwbvpfytr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcxkxdhbmbvhtkmlmujmicolaqcbuokpwb.dll

---- Files - GMER 1.0.15 ----

File C:\Users\Robby\AppData\Local\Mozilla\Firefox\Profiles\o5zebjzv.default\Cache\A6EF24C7d01 0 bytes
File C:\Users\Robby\AppData\Local\Mozilla\Firefox\Profiles\o5zebjzv.default\Cache\A7E416F2d01 0 bytes
File C:\Windows\System32\drivers\gxvxcydqshncoiwkamecqldnkgjuebotaadfc.sys 48128 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\gxvxccount 4 bytes
File C:\Windows\System32\gxvxcgfuimworsobcmegldxrukhvuwbvpfytr.dll 22529 bytes executable
File C:\Windows\System32\gxvxcxkxdhbmbvhtkmlmujmicolaqcbuokpwb.dll 27649 bytes executable

---- EOF - GMER 1.0.15 ----
:thumbup2:

Edited by Orange Blossom, 16 June 2009 - 05:28 PM.
Merged topics. ~ OB


#3 etavares


Posted 22 June 2009 - 08:18 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#4 Orange Blossom


Posted 25 June 2009 - 11:21 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



