
Redirected when click search results


6 replies to this topic

#1 ztrog


Posted 10 November 2009 - 09:02 PM

Having a problem with being redirected from search results. Has occurred in Yahoo and Bing. Have run MBAM full scan and a SuperSpyware scan and the problem is still occurring. Have McAfee running as main AV on system. Any suggestions from here?



#2 rigel


Posted 11 November 2009 - 12:33 PM

Please try these steps. I also recommend redownloading Malwarebytes...

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 ztrog


Posted 11 November 2009 - 02:16 PM

Thanks. I have been running the anti-malwares and such off a flash drive when I have had other problems. This should not affect anything, correct? Also, I am using XP Home. Thanks.

#4 rigel


Posted 11 November 2009 - 03:45 PM

TFC and RKill need to be run from the desktop. Malwarebytes is probably OK to run from your flash drive.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#5 ztrog


Posted 12 November 2009 - 11:28 AM

Tried the TFC and RKill and still was redirected to some ad when I did a search. Not sure if I did RKill correctly. It comes up with a DOS-looking box saying it is doing something and to "Please be Patient". Is this the black box you were referring to? I tried Link #1 and Link #2. Also ran MBAM again and nothing malicious was found. Any thoughts?

#6 rigel


Posted 12 November 2009 - 04:01 PM

Have you tried Link 3 or 4? How long did RKill run before you suspended it? It should give you an indication of a successful run.

Also try this...

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith
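
Added example, not part of the original thread and not GMER's own code: a Python triage pass over a gmer.log like the one the steps above produce. It separates user-mode inline hooks that GMER attributes to a file on disk from JMPs with no owning module, and lists drivers whose entry point GMER reports inside a named section. The sample log and its "ExampleAV" names are constructed, and the line layout is assumed from GMER 1.0.15 output.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a GMER 1.0.15 log; not taken from a real scan.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\ExampleAV\exav.sys (Example AV Driver/Example Corp.) ZwTerminateProcess [0xB85C20B0]

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!NtCreateFile 8056F600 5 Bytes JMP B850478E \SystemRoot\system32\drivers\exav.sys (Example AV Driver/Example Corp.)
.rsrc C:\WINDOWS\system32\drivers\example.sys entry point in ".rsrc" section [0xF74B87AC]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ExampleAV\exproxy.exe[204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 C:\Program Files\ExampleAV\exproxy.exe (Example Proxy/Example Corp.)
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 014C0FEF
.text C:\WINDOWS\system32\services.exe[880] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [29, 89]
"""

# "---- <section name> - GMER <version> ----"
SECTION = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# "<sect> <image>[<pid>] <module>!<function> [+ off] <address> <n> Bytes <patch>"
USER_HOOK = re.compile(
    r"^\S+\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)(?: \+ \d+)?\s+"
    r"(?P<addr>[0-9A-F]{8})\s+\d+ Bytes?\s+(?P<patch>.+)$"
)
# The patch is either "JMP <target> [owning file (description)]" or raw bytes.
JMP = re.compile(r"^JMP (?P<target>[0-9A-F]{8})(?:\s+(?P<owner>.+))?$")
# '<sect> <driver path> entry point in "<section>" section [...]'
ENTRY = re.compile(r'^\S+\s+(?P<path>.+?) entry point in "(?P<section>[^"]+)" section')


def parse_gmer(text):
    """Return (user_hooks, entry_points) parsed from GMER log text."""
    section = None
    hooks, entry_points = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY.match(line)
        if m:
            entry_points.append((m.group("path"), m.group("section")))
            continue
        if section != "User code sections":
            continue
        m = USER_HOOK.match(line)
        if not m:
            continue  # unknown layout: skip rather than guess
        jmp = JMP.match(m.group("patch"))
        hooks.append({
            "image": m.group("image"),
            "pid": int(m.group("pid")),
            "api": f'{m.group("module")}!{m.group("func")}',
            "target": jmp.group("target") if jmp else None,
            "owner": jmp.group("owner") if jmp else None,
        })
    return hooks, entry_points


def unowned_hooks_by_process(hooks):
    """Group JMP hooks for which GMER printed no owning module, per (image, pid)."""
    grouped = defaultdict(list)
    for h in hooks:
        if h["target"] and not h["owner"]:
            grouped[(h["image"], h["pid"])].append(h["api"])
    return dict(grouped)


if __name__ == "__main__":
    hooks, entry_points = parse_gmer(SAMPLE_LOG)
    for (image, pid), apis in unowned_hooks_by_process(hooks).items():
        print(f"{image} [{pid}]: {len(apis)} hook(s) with no owning module")
        for api in apis:
            print(f"    {api}")
    for path, section in entry_points:
        print(f'driver entry point reported in "{section}": {path}')
```

A JMP with no owning module is a lead rather than a verdict: security products can also hook from allocated memory, so compare the result against what is installed on the machine.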


#7 ztrog


Posted 12 November 2009 - 05:39 PM

Rkill probably ran for just 10 seconds or so. I did not suspend it, the box just disappears. Tried all of the links and all performed exactly the same. I never received anything that said successful run or the like. It has the following message while the box appears:

Terminating know malware processes
Please be patient.


Below is the gmer log:



GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-12 17:29:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\pfrcrfoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB85C20B0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB850478A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB8504738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB850474C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB85047CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB8504710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB8504724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB850479E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB8504776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB8504762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB85047F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB85047E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB85047B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 3 Bytes [20, 5C, B8]
.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP B85047B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056F600 5 Bytes JMP B850478E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 80570441 5 Bytes JMP B8504766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805741D0 5 Bytes JMP B8504714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057457F 7 Bytes JMP B85047A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80578606 5 Bytes JMP B85047E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80578A81 7 Bytes JMP B85047CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581030 7 Bytes JMP B8504750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805836B0 5 Bytes JMP B85047FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058B58D 5 Bytes JMP B8504728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP B850473C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DD47 5 Bytes JMP B850477A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF74B87AC]

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[204] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 014C0FEF
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 014C0F76
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 014C006B
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 014C004E
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 014C003D
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 014C0022
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 014C00AD
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 014C0F5B
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014C0F39
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014C0F4A
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 014C00E3
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 014C0F9B
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 014C0000
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 014C0086
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 014C0FB6
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 014C0011
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 014C00C8
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 014B000A
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 014B0F72
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 014B0FC3
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 014B0FDE
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 014B0F83
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 014B0FEF
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 014B0F9E
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [6B, 89]
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 014B0025
.text C:\WINDOWS\system32\services.exe[880] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 014A0FB2
.text C:\WINDOWS\system32\services.exe[880] msvcrt.dll!system 77C293C7 5 Bytes JMP 014A0FCD
.text C:\WINDOWS\system32\services.exe[880] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 014A0029
.text C:\WINDOWS\system32\services.exe[880] msvcrt.dll!_open 77C2F566 5 Bytes JMP 014A0FEF
.text C:\WINDOWS\system32\services.exe[880] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 014A0FDE
.text C:\WINDOWS\system32\services.exe[880] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 014A000C
.text C:\WINDOWS\system32\services.exe[880] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\services.exe[880] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FE0011
.text C:\WINDOWS\system32\services.exe[880] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FE0FDB
.text C:\WINDOWS\system32\services.exe[880] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FE0FCA
.text C:\WINDOWS\system32\services.exe[880] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010A0000
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010A0065
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010A0F66
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010A0F83
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010A0F9E
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010A0FAF
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010A0F1D
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010A0F2E
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010A00A5
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010A008A
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010A00B6
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010A0036
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010A0011
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010A0F55
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 010A0FCA
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 010A0FE5
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010A0F0C
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01090FB9
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01090036
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0109000A
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01090FDE
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01090F79
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01090FEF
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01090F94
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [29, 89]
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0109001B
.text C:\WINDOWS\system32\lsass.exe[892] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0047
.text C:\WINDOWS\system32\lsass.exe[892] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0FBC
.text C:\WINDOWS\system32\lsass.exe[892] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FD7
.text C:\WINDOWS\system32\lsass.exe[892] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[892] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF002C
.text C:\WINDOWS\system32\lsass.exe[892] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0011
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\lsass.exe[892] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\lsass.exe[892] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\lsass.exe[892] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FD0FDE
.text C:\WINDOWS\system32\lsass.exe[892] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FD002F
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00280000
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00280F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00280093
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00280FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00280076
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00280FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002800AE
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00280F72
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002800DA
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00280F41
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00280F26
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0028005B
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0028001B
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00280F83
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00280040
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00280FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002800BF
.text C:\Program Files\Internet Explorer\iexplore.exe[936] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00370014
.text C:\Program Files\Internet Explorer\iexplore.exe[936] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0037005B
.text C:\Program Files\Internet Explorer\iexplore.exe[936] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00370FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[936] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00370FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[936] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00370FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[936] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00370FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[936] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00370040
.text C:\Program Files\Internet Explorer\iexplore.exe[936] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0037002F
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00380F99
.text C:\Program Files\Internet Explorer\iexplore.exe[936] msvcrt.dll!system 77C293C7 5 Bytes JMP 0038002E
.text C:\Program Files\Internet Explorer\iexplore.exe[936] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00380FC8
.text C:\Program Files\Internet Explorer\iexplore.exe[936] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00380FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[936] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0038001D
.text C:\Program Files\Internet Explorer\iexplore.exe[936] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00380000
.text C:\Program Files\Internet Explorer\iexplore.exe[936] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00A40FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[936] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00A40FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[936] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00A40000
.text C:\Program Files\Internet Explorer\iexplore.exe[936] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00A40FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[936] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A30000
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E50000
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E5006C
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E50F77
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E50051
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E50040
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E50F9E
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E5009D
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E50F55
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E50F0E
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E50F1F
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E50EF3
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E50025
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E50FE5
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E50F66
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E50FB9
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E50FCA
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E50F3A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E40FD1
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E40FA5
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E40022
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E40011
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E40062
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E40FC0
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [04, 89] {ADD AL, 0x89}
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E40047
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0037003D
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00370FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [57, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0037002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00380FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] msvcrt.dll!system 77C293C7 5 Bytes JMP 0038003D
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00380FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00380000
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00380FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00380FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00A40000
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00A40FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00A40011
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00A40FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A30FE5

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \Driver\00002774 -> \Driver\atapi \Device\Harddisk0\DR0 8A35B50C

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----



