
Artemis trojan help/browser redirection


14 replies to this topic

#1 Thakidd33


Posted 28 November 2009 - 02:08 PM

Hello, I am super new to BleepingComputer, but I always use the help that I tend to find here if I have trouble. This one I can't seem to get rid of... my McAfee keeps finding and blocking and supposedly deleting this trojan called artemis!9ee and a whole lot of other numbers or whatever, but when I scan for it McAfee can't seem to find it... I've used all the other spyware programs, MBAM and SUPERAntiSpyware, and they find other things besides the artemis...

Now I really believe that this is the cause of my search redirection as well... which is getting real annoying, by the way... at random times I do get maybe one or two tabs that pop up as well... I would greatly appreciate any help... I understand you guys are busy... I am a patient man... the computer still runs OK, with the exception of my DVD drive not working... CDs won't load, program ones anyway; I haven't tested to see if music CDs work or not.

I'm running Windows 7 Home Premium and I use the Google Chrome internet browser... I am posting a DDS log and a HijackThis log below....

This is my DDS log...

DDS (Ver_09-11-24.02) - NTFSx86
Run by Ty at 9:54:29.38 on Sat 11/28/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1270 [GMT -8:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Ty\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Zune\ZuneNss.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ty\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US /HIDEBL
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
uRun: [Google Update] "c:\users\ty\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\ty\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam software\eReg.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\ty\appdata\roaming\mozilla\firefox\profiles\ttcr1hev.default\
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ty\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\ty\appdata\local\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-26 1153368]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-30 38224]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2009-9-30 72576]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-19 24576]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-19 30192]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusb.sys [2002-2-20 70016]

=============== Created Last 30 ================

2009-11-28 16:59:41 0 d-----w- c:\program files\Trend Micro
2009-11-28 10:02:39 0 d-----w- c:\program files\SpywareBlaster
2009-11-27 06:39:01 0 d-----w- c:\program files\Yahoo!
2009-11-27 06:38:53 0 d-----w- c:\program files\CCleaner
2009-11-27 05:10:06 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-27 05:10:06 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-27 00:22:14 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-27 00:12:24 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-27 00:11:53 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-27 00:11:52 0 d-----w- c:\users\ty\appdata\roaming\SUPERAntiSpyware.com
2009-11-27 00:10:30 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-26 18:10:46 0 d-----w- c:\programdata\Research In Motion
2009-11-25 17:38:38 0 d-----w- c:\program files\common files\xing shared
2009-11-25 06:01:31 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 16:01:57 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-24 15:45:49 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-11-24 15:45:46 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-24 15:45:46 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-11-24 15:45:46 507568 ----a-w- c:\windows\system32\winload.exe
2009-11-24 15:45:46 442920 ----a-w- c:\windows\system32\winresume.exe
2009-11-24 15:45:46 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-11-24 15:45:46 2613248 ----a-w- c:\windows\explorer.exe
2009-11-24 15:45:46 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-11-24 15:45:46 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-11-24 15:45:45 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-24 07:30:00 97848 ----a-w- c:\windows\system32\bass.dll
2009-11-24 05:44:12 16089 ----a-w- c:\windows\system32\PCANDIS3.VXD
2009-11-24 05:44:09 61440 ----a-w- c:\windows\system32\W32N50.DLL
2009-11-24 05:44:09 40960 ------w- c:\windows\system32\IsUser11b.dll
2009-11-24 05:44:09 16292 ----a-w- c:\windows\system32\PCANDIS5.SYS
2009-11-24 05:44:09 16112 ----a-w- c:\windows\system32\PCANDIS4.SYS
2009-11-24 05:43:45 0 d-----w- c:\program files\WUSB11 WLAN Monitor
2009-11-24 04:27:50 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-11-24 04:27:35 0 d-----w- c:\windows\system32\wbem\Performance
2009-11-24 04:24:33 20 --sh--w- c:\users\ty\ntuser.ini
2009-11-24 04:24:30 0 d-sh--w- C:\Recovery
2009-11-24 04:12:30 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-24 03:44:43 10896 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2009-11-24 03:44:43 10896 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2009-11-24 03:44:15 0 d-----w- c:\windows\system32\RTCOM
2009-11-24 03:44:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-24 03:43:59 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-11-24 03:41:05 0 d-----w- c:\windows\Panther
2009-11-24 03:33:31 0 d--h--w- C:\$WINDOWS.~Q
2009-11-24 03:26:28 0 d--h--w- C:\$INPLACE.~TR
2009-11-24 02:30:07 1890 ----a-w- c:\windows\diagwrn.xml
2009-11-24 02:30:07 1890 ----a-w- c:\windows\diagerr.xml
2009-11-24 02:13:19 0 d-----w- C:\OEM
2009-11-22 18:36:50 0 d-----w- c:\programdata\Apple Computer
2009-11-21 15:53:55 0 d-----w- c:\programdata\Real
2009-11-11 07:08:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-11 07:08:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-11-02 22:22:52 0 d-----w- c:\program files\common files\PX Storage Engine
2009-11-02 22:21:44 0 d-----w- c:\program files\common files\Sonic Shared
2009-11-02 22:21:43 0 d-----w- c:\program files\Roxio
2009-10-30 16:52:29 0 d-----w- c:\users\ty\Tracing

==================== Find3M ====================

2009-11-28 16:13:33 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-26 20:16:33 140832 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2009-11-25 17:38:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-24 04:25:53 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-24 03:45:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-11-24 03:45:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-11-07 18:36:55 17300 ----a-w- c:\windows\fonts\SEGA_0.TTF
2009-11-07 18:36:55 17300 ----a-w- c:\windows\fonts\SEGA.TTF
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-11 12:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 15:49:40 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2009-10-07 15:48:54 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2009-10-07 15:48:32 539160 ----a-w- c:\windows\system32\LVUI2.dll
2009-10-07 15:47:56 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
2009-10-07 15:43:44 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2009-10-07 15:43:32 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2009-10-07 15:25:10 266828 ----a-w- c:\windows\system32\drivers\LVAFT.cfg
2009-10-07 15:24:06 34068 ----a-w- c:\windows\system32\Repository.reg
2009-10-07 08:46:36 25752 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2009-10-07 08:25:10 85302 ----a-w- c:\windows\system32\drivers\LVFeL102.cfg
2009-10-07 08:25:10 69592 ----a-w- c:\windows\system32\drivers\LVFaL100.cfg
2009-10-07 08:25:10 227172 ----a-w- c:\windows\system32\drivers\LVFeL100.cfg
2009-10-07 08:25:10 146680 ----a-w- c:\windows\system32\drivers\LVFeL101.cfg
2009-10-07 08:23:08 13584 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2009-10-01 17:08:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-01 07:36:59 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-09-23 00:18:42 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-04 20:17:00 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2009-09-02 07:29:12 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2009-09-02 07:29:10 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2009-09-02 07:29:10 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2009-09-02 07:29:10 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll
2009-09-02 07:29:02 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2009-09-02 07:29:00 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2009-08-30 17:58:48 507904 ----a-r- c:\windows\system32\btwapi.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 9:58:31.12 ===============


This is my HijackThis log....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:53 AM, on 11/28/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Ty\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_x1300
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_x1300
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_x1300
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US /HIDEBL
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ty\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 10433 bytes



#2 schrauber

  • Malware Response Team
  • 24,794 posts

Posted 06 December 2009 - 12:57 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 Thakidd33

Thakidd33
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:14 PM

Posted 07 December 2009 - 01:44 PM

No worries about the delayed response, like I said I'm a patient guy...I know you are all pretty busy...OK, so my McAfee keeps finding and blocking and supposedly deleting this trojan called artemis!9ee and a whole lot of other numbers, and it just started doing the same with a trojan called Generic something, but when I scan for it McAfee can't seem to find anything...I've used all the other spyware programs, MBAM, SUPERAntiSpyware, and they find other things besides the Artemis...

Now I don't know if this is the cause of my search redirection as well...but I know it is getting real annoying...during random times I do get maybe one or two tabs that pop up as well...I would greatly appreciate any help...the computer still runs OK with the exception of my DVD drive not working...like my Windows 7 upgrade disk won't load but music CDs will...

I'm running Windows 7 Home Premium, I use the Google Chrome internet browser...I am posting the DDS log below as well as attaching the Attach document...I am grateful for any help that you can offer...



DDS (Ver_09-12-01.01) - NTFSx86
Run by Ty at 10:31:35.57 on Mon 12/07/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1477 [GMT -8:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Ty\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Zune\Zune.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Zune\ZuneNss.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ty\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US /HIDEBL
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
uRun: [Google Update] "c:\users\ty\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\ty\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam software\eReg.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcproxy\McProxy.exe [2009-10-16 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\McShield.exe [2009-10-16 144704]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-26 1153368]
R3 McSysmon;McAfee SystemGuards;c:\program files\mcafee\virusscan\mcsysmon.exe [2009-10-16 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-16 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-16 40552]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
S2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-19 24576]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-19 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-16 34248]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusb.sys [2002-2-20 70016]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2009-9-30 72576]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]

=============== Created Last 30 ================

2009-12-02 01:57:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-02 01:57:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 01:57:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-28 18:24:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01009.Wdf
2009-11-28 16:59:41 0 d-----w- c:\program files\Trend Micro
2009-11-28 10:02:39 0 d-----w- c:\program files\SpywareBlaster
2009-11-27 06:39:01 0 d-----w- c:\program files\Yahoo!
2009-11-27 06:38:53 0 d-----w- c:\program files\CCleaner
2009-11-27 05:10:06 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-27 05:10:06 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-27 00:22:14 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-27 00:12:24 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-27 00:11:53 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-27 00:11:52 0 d-----w- c:\users\ty\appdata\roaming\SUPERAntiSpyware.com
2009-11-27 00:10:30 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-26 18:10:46 0 d-----w- c:\programdata\Research In Motion
2009-11-25 17:38:38 0 d-----w- c:\program files\common files\xing shared
2009-11-25 06:01:31 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 16:01:57 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-24 15:45:49 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-11-24 15:45:46 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-24 15:45:46 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-11-24 15:45:46 507568 ----a-w- c:\windows\system32\winload.exe
2009-11-24 15:45:46 442920 ----a-w- c:\windows\system32\winresume.exe
2009-11-24 15:45:46 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-11-24 15:45:46 2613248 ----a-w- c:\windows\explorer.exe
2009-11-24 15:45:46 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-11-24 15:45:46 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-11-24 15:45:45 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-24 07:30:00 97848 ----a-w- c:\windows\system32\bass.dll
2009-11-24 05:44:12 16089 ----a-w- c:\windows\system32\PCANDIS3.VXD
2009-11-24 05:44:09 61440 ----a-w- c:\windows\system32\W32N50.DLL
2009-11-24 05:44:09 40960 ------w- c:\windows\system32\IsUser11b.dll
2009-11-24 05:44:09 16292 ----a-w- c:\windows\system32\PCANDIS5.SYS
2009-11-24 05:44:09 16112 ----a-w- c:\windows\system32\PCANDIS4.SYS
2009-11-24 05:43:45 0 d-----w- c:\program files\WUSB11 WLAN Monitor
2009-11-24 04:27:50 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-11-24 04:27:35 0 d-----w- c:\windows\system32\wbem\Performance
2009-11-24 04:24:33 20 --sh--w- c:\users\ty\ntuser.ini
2009-11-24 04:24:30 0 d-sh--w- C:\Recovery
2009-11-24 04:12:30 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-24 03:44:43 10896 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2009-11-24 03:44:43 10896 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2009-11-24 03:44:15 0 d-----w- c:\windows\system32\RTCOM
2009-11-24 03:44:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-24 03:43:59 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-11-24 03:41:05 0 d-----w- c:\windows\Panther
2009-11-24 03:33:31 0 d--h--w- C:\$WINDOWS.~Q
2009-11-24 03:26:28 0 d--h--w- C:\$INPLACE.~TR
2009-11-24 02:30:07 1890 ----a-w- c:\windows\diagwrn.xml
2009-11-24 02:30:07 1890 ----a-w- c:\windows\diagerr.xml
2009-11-24 02:13:19 0 d-----w- C:\OEM
2009-11-22 18:36:50 0 d-----w- c:\programdata\Apple Computer
2009-11-21 15:53:55 0 d-----w- c:\programdata\Real
2009-11-11 07:08:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-11 07:08:24 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-12-07 17:50:44 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-26 20:16:33 140832 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2009-11-25 17:38:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-24 04:25:53 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-24 03:45:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-11-24 03:45:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-11-07 18:36:55 17300 ----a-w- c:\windows\fonts\SEGA_0.TTF
2009-11-07 18:36:55 17300 ----a-w- c:\windows\fonts\SEGA.TTF
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-11 12:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 15:48:54 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2009-10-07 15:48:32 539160 ----a-w- c:\windows\system32\LVUI2.dll
2009-10-07 15:43:44 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2009-10-07 15:43:32 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2009-10-07 15:24:06 34068 ----a-w- c:\windows\system32\Repository.reg
2009-09-23 00:18:42 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 10:32:43.66 ===============


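A defender-side triage pass over the DDS log above, added here as an example (it is not part of DDS, HijackThis or any BleepingComputer tool). It parses the line formats of the Pseudo HJT Report and SERVICES / DRIVERS sections and flags the entries a helper looks at first: orphaned "No File" entries, Hosts overrides, and autoruns, BHOs or services whose binary lives under a user profile or temp directory. The sample input mixes lines taken from the log above with two constructed lines (marked in the code); a flag is a prompt to review, not a verdict, since Google Update legitimately runs from AppData.

```python
"""Triage helper for DDS 'Pseudo HJT Report' and 'SERVICES / DRIVERS' lines.

Example code added to this thread; it is not part of DDS or any
BleepingComputer tool.  Rules are deliberately simple: they point a
human at entries worth a second look rather than deciding anything."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SAMPLE_LINES = [
    # Excerpted from the DDS log posted above:
    r'mURLSearchHooks: H - No File',
    r'BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll',
    r'TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File',
    r'uRun: [Google Update] "c:\users\ty\appdata\local\google\update\GoogleUpdate.exe" /c',
    r'mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey',
    r'Hosts: 127.0.0.1 www.spywareinfo.com',
    r'R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214664]',
    r'S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusb.sys [2002-2-20 70016]',
    # Constructed lines (NOT from the log) that exercise the user-profile rules:
    r'uRun: [updater] c:\users\ty\appdata\local\temp\svchost.exe',
    r'R2 examplesvc;Example Service;c:\users\ty\appdata\roaming\examplesvc.exe [2009-12-1 12345]',
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

# DDS prints some paths unquoted and with spaces, so anchor on the drive letter
# and the binary extension rather than on whitespace.
_PATH_RE = re.compile(r'([a-z]:\\[^"\[\n]*?\.(?:exe|dll|scr|sys|cpl)\b)', re.IGNORECASE)
_RUN_RE = re.compile(r'^[um]Run: \[[^\]]+\] ')

# Names that belong in the Windows system directory; the same name elsewhere
# is a classic masquerade and deserves a look.
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}


@dataclass
class Finding:
    line: str                 # the log line as written
    path: str | None          # binary path extracted from it, lower-cased
    reasons: list[str] = field(default_factory=list)


def extract_path(line: str) -> str | None:
    """Return the first executable/DLL/driver path on the line, or None."""
    m = _PATH_RE.search(line)
    return m.group(1).strip().lower() if m else None


def path_reasons(path: str) -> list[str]:
    """Rules applied to a binary path; each hit is one human-readable reason."""
    reasons = []
    if "\\appdata\\" in path or "\\temp\\" in path:
        reasons.append("runs from a user profile or temp directory")
    name = path.rsplit("\\", 1)[-1]
    in_system_dir = "\\windows\\system32\\" in path or "\\windows\\syswow64\\" in path
    if name in SYSTEM_BINARY_NAMES and not in_system_dir:
        reasons.append(f"{name} outside the Windows system directory")
    return reasons


def triage_dds(text: str) -> list[Finding]:
    """Walk DDS report lines and return only the entries that tripped a rule."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):      # skip blanks and section banners
            continue
        reasons: list[str] = []
        path = None
        if line.endswith("- No File"):
            reasons.append("orphaned entry (target file missing)")
        elif line.startswith("Hosts:"):
            reasons.append("hosts file override")
        else:
            path = extract_path(line)
            if path:
                reasons += path_reasons(path)
            elif _RUN_RE.match(line):
                reasons.append("autorun entry without a recognisable path")
        if reasons:
            findings.append(Finding(line, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_LOG):
        print(f"{'; '.join(f.reasons):55} | {f.line}")
```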
#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:14 AM

Posted 07 December 2009 - 02:31 PM

Hello, Thakidd33, and again welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


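Once the GMER log requested above comes back, the first question for whoever reads it is which module owns each reported hook, so that hooks placed by the installed security software can be separated from anything unattributed. The following is an added example, not part of GMER, that groups the "Code" and ".text ... JMP" lines by hooking kernel module and the user-mode hooks by process; the sample lines are excerpted from the GMER output posted later in this thread.

```python
"""Group the hooks in a GMER log by the module or process that owns them.

Example code added to this thread; it is not part of GMER.  GMER names the
owning module for kernel hooks it can attribute; user-mode JMP targets are
only an address, so those are summarised per process and per 64 KiB region."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass, field

SAMPLE_LINES = [
    # Excerpted from the GMER log posted later in this thread:
    r'Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8FA9A79E]',
    r'Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8FA9A710]',
    r'Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile',
    r'.text ntkrnlpa.exe!ZwYieldExecution 8307D128 5 Bytes JMP 8FA9A7CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)',
    r'.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83095579 1 Byte [06]',
    r'.text peauth.sys 9AF6CC9D 28 Bytes [4F, E1, EF, D7, EE, C9, 37, ...]',
    r'.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 009B00A9',
    r'.text C:\Windows\system32\services.exe[548] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 009B000A',
    r'.text C:\Windows\system32\services.exe[548] msvcrt.dll!system 7667B16F 5 Bytes JMP 00020FC3',
    r'.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 000C0F32',
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

# "Code <module> (<description>) <function> [0xADDR]"  (address optional)
_KCODE = re.compile(r'^Code\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>\w+)(?:\s+\[0x[0-9A-Fa-f]+\])?$')
# ".text <image>[!func][ + off] <addr> <n> Byte(s) <rest>"  (kernel code sections)
_KTEXT = re.compile(r'^\.text\s+(?P<target>[\w.]+(?:!\w+)?)(?:\s*\+\s*(?P<offset>[0-9A-Fa-f]+))?'
                    r'\s+[0-9A-Fa-f]+\s+\d+\s+Bytes?\s+(?P<rest>.*)$')
# rest = "JMP <addr> <module> (<description>)" when GMER could attribute the hook
_JMP_TO_MODULE = re.compile(r'^JMP\s+[0-9A-Fa-f]+\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)')
# ".text <process path>[pid] <dll>!<api> <addr> <n> Bytes JMP <target>"  (user code sections)
_USER = re.compile(r'^\.text\s+(?P<proc>[A-Za-z]:\\.+?)\[(?P<pid>\d+)\]\s+(?P<func>[\w.]+!\w+)'
                   r'\s+[0-9A-Fa-f]+\s+\d+\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s*$')


@dataclass
class HookSummary:
    kernel_by_module: dict[str, list[str]] = field(default_factory=lambda: defaultdict(list))
    kernel_unattributed: list[str] = field(default_factory=list)
    # "services.exe[548]" -> [(hooked API, 64 KiB region the JMP lands in), ...]
    user_by_process: dict[str, list[tuple[str, str]]] = field(default_factory=lambda: defaultdict(list))


def summarize_gmer(text: str) -> HookSummary:
    s = HookSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _USER.match(line)):
            proc = m.group("proc").rsplit("\\", 1)[-1] + f"[{m.group('pid')}]"
            region = m.group("target")[:-4] + "0000"
            s.user_by_process[proc].append((m.group("func"), region))
        elif (m := _KCODE.match(line)):
            s.kernel_by_module[m.group("module")].append(m.group("func"))
        elif (m := _KTEXT.match(line)):
            label = m.group("target") + (f"+{m.group('offset')}" if m.group("offset") else "")
            j = _JMP_TO_MODULE.match(m.group("rest"))
            if j:
                s.kernel_by_module[j.group("module")].append(label)
            else:
                s.kernel_unattributed.append(label)   # patched bytes, no owner named
    return s


def report(s: HookSummary) -> list[str]:
    lines = []
    for module, funcs in sorted(s.kernel_by_module.items()):
        lines.append(f"kernel: {module} hooks {len(funcs)} function(s): {', '.join(funcs)}")
    for label in s.kernel_unattributed:
        lines.append(f"kernel: {label} modified, no owning module identified")
    for proc, hooks in sorted(s.user_by_process.items()):
        regions = sorted({r for _, r in hooks})
        lines.append(f"user: {proc}: {len(hooks)} API hook(s) jumping into {', '.join(regions)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(summarize_gmer(SAMPLE_LOG))))
```

Hooks that all resolve to the installed security product's driver are expected; the lines to chase are the unattributed kernel patches and user-mode hooks whose landing regions no known product accounts for.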
#5 Thakidd33

Thakidd33
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:14 PM

Posted 07 December 2009 - 04:43 PM

Ok, here's the GMER log....

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-07 13:41:44
Windows 6.1.7600
Running: yl7lil79.exe; Driver: C:\Users\Ty\AppData\Local\Temp\pgrdipoc.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83035AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83035104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830353F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301D634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301D898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830351DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83035958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830356F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83035F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830361A8

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8FA9A79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8FA9A762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8FA9A7DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8FA9A81F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8FA9A710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8FA9A724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8FA9A7B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8FA9A847]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8FA9A833]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8FA9A78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8FA9A776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8FA9A80B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8FA9A7F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8FA9A7C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8307D128 5 Bytes JMP 8FA9A7CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83095579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B9F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9AF6CC9D 28 Bytes [4F, E1, EF, D7, EE, C9, 37, ...]
.text peauth.sys 9AF6CCC1 28 Bytes [4F, E1, EF, D7, EE, C9, 37, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[548] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 009B006C
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 009B00A9
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 009B0F1E
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 009B0FA8
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 009B005B
.text C:\Windows\system32\services.exe[548] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 009B0F57
.text C:\Windows\system32\services.exe[548] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 009B0F68
.text C:\Windows\system32\services.exe[548] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 009B0025
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 009B0FD4
.text C:\Windows\system32\services.exe[548] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 009B00C4
.text C:\Windows\system32\services.exe[548] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 009B000A
.text C:\Windows\system32\services.exe[548] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 009B0F83
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 009B0FE5
.text C:\Windows\system32\services.exe[548] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 009B0087
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 009B0FB9
.text C:\Windows\system32\services.exe[548] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 009B0098
.text C:\Windows\system32\services.exe[548] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 009B0040
.text C:\Windows\system32\services.exe[548] msvcrt.dll!_open 76647E48 5 Bytes JMP 00020FEF
.text C:\Windows\system32\services.exe[548] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 00020044
.text C:\Windows\system32\services.exe[548] msvcrt.dll!system 7667B16F 5 Bytes JMP 00020FC3
.text C:\Windows\system32\services.exe[548] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 00020029
.text C:\Windows\system32\services.exe[548] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 00020FD4
.text C:\Windows\system32\services.exe[548] msvcrt.dll!_wopen 76680570 5 Bytes JMP 00020018
.text C:\Windows\system32\services.exe[548] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 009C0000
.text C:\Windows\system32\services.exe[548] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 009C0FE5
.text C:\Windows\system32\services.exe[548] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 009C0FCA
.text C:\Windows\system32\services.exe[548] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 009C0FAF
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 00240000
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 00240025
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 00240040
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 00240F9E
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 00240FEF
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 0024005B
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 00240FDE
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 00240FB9
.text C:\Windows\system32\services.exe[548] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 009D0FEF
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 000C0F5E
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 000C0F32
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 000C00C7
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 000C0FB9
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 000C007D
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 000C0047
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 000C0F79
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 000C0F8A
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 000C0FD4
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 000C0F17
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 000C0025
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 000C0036
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 000C0F4D
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 000C000A
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 000C00AC
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 000C0062
.text C:\Windows\system32\lsass.exe[564] msvcrt.dll!_open 76647E48 5 Bytes JMP 000A0FE3
.text C:\Windows\system32\lsass.exe[564] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 000A0FB0
.text C:\Windows\system32\lsass.exe[564] msvcrt.dll!system 7667B16F 5 Bytes JMP 000A0031
.text C:\Windows\system32\lsass.exe[564] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 000A0FC1
.text C:\Windows\system32\lsass.exe[564] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 000A0020
.text C:\Windows\system32\lsass.exe[564] msvcrt.dll!_wopen 76680570 5 Bytes JMP 000A0FD2
.text C:\Windows\system32\lsass.exe[564] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 000D0FEF
.text C:\Windows\system32\lsass.exe[564] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 000D0FDE
.text C:\Windows\system32\lsass.exe[564] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 000D0FC3
.text C:\Windows\system32\lsass.exe[564] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 000D0FB2
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 000B000A
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 000B0054
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 000B0FC3
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 000B0065
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 000B0FEF
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 000B0FA8
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 000B002F
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 000B0FDE
.text C:\Windows\system32\lsass.exe[564] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 00750FEF
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 009000BA
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 009000DF
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 00900F4A
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 00900047
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 009000A9
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 0090007D
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 00900FA5
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 00900062
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 0090001B
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 00900F39
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 00900FDB
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 00900FC0
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateFileA 76AC28FC 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 00900000
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 00900F6C
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 0090002C
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 00900F5B
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 0090008E
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_open 76647E48 5 Bytes JMP 008E0000
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 008E0070
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!system 7667B16F 5 Bytes JMP 008E0FE5
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 008E0044
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 008E0055
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_wopen 76680570 5 Bytes JMP 008E001D
.text C:\Windows\system32\svchost.exe[768] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 00A50FEF
.text C:\Windows\system32\svchost.exe[768] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 00A50FD4
.text C:\Windows\system32\svchost.exe[768] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 00A5000A
.text C:\Windows\system32\svchost.exe[768] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 00A5001B
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 008F0000
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 008F0051
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 008F0FCA
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 008F006C
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 008F0FE5
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 008F0FAF
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 008F001B
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 008F0036
.text C:\Windows\system32\svchost.exe[768] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 00A70FEF
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 004C0098
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 004C0F2F
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 004C00CE
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 004C0FCA
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 004C007D
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 004C0047
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 004C0F79
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 004C0F8A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 004C0FE5
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 004C0F1E
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 004C0036
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 004C0FA5
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 004C000A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 004C0F54
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 004C001B
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 004C00A9
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 004C0062
.text C:\Windows\system32\svchost.exe[852] msvcrt.dll!_open 76647E48 5 Bytes JMP 00410FEF
.text C:\Windows\system32\svchost.exe[852] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 00410FA1
.text C:\Windows\system32\svchost.exe[852] msvcrt.dll!system 7667B16F 5 Bytes JMP 00410FB2
.text C:\Windows\system32\svchost.exe[852] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 00410FCD
.text C:\Windows\system32\svchost.exe[852] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 0041002C
.text C:\Windows\system32\svchost.exe[852] msvcrt.dll!_wopen 76680570 5 Bytes JMP 00410FDE
.text C:\Windows\system32\svchost.exe[852] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 008F0000
.text C:\Windows\system32\svchost.exe[852] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 008F0011
.text C:\Windows\system32\svchost.exe[852] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 008F002C
.text C:\Windows\system32\svchost.exe[852] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 008F0FE5
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 004A0FE5
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 004A0036
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 004A0FB9
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 004A005B
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 004A0FD4
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 004A0FA8
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 004A000A
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 004A0025
.text C:\Windows\system32\svchost.exe[852] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 00A30FEF
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 00F400B0
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 00F40101
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 00F400E6
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 00F4001B
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 00F4009F
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 00F4008E
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 00F4007D
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 00F40062
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 00F4000A
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 00F40F47
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 00F40036
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 00F40047
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 00F40FEF
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 00F400CB
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 00F40FCA
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 00F40F6C
.text C:\Windows\System32\svchost.exe[920] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 00F40F91
.text C:\Windows\System32\svchost.exe[920] msvcrt.dll!_open 76647E48 5 Bytes JMP 00ED0000
.text C:\Windows\System32\svchost.exe[920] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 00ED004E
.text C:\Windows\System32\svchost.exe[920] msvcrt.dll!system 7667B16F 5 Bytes JMP 00ED0033
.text C:\Windows\System32\svchost.exe[920] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 00ED0FCD
.text C:\Windows\System32\svchost.exe[920] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 00ED0022
.text C:\Windows\System32\svchost.exe[920] msvcrt.dll!_wopen 76680570 5 Bytes JMP 00ED0011
.text C:\Windows\System32\svchost.exe[920] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 00F90FEF
.text C:\Windows\System32\svchost.exe[920] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 00F90FD4
.text C:\Windows\System32\svchost.exe[920] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 00F90000
.text C:\Windows\System32\svchost.exe[920] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 00F90FB9
.text C:\Windows\System32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 00F20FE5
.text C:\Windows\System32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 00F20FD4
.text C:\Windows\System32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 00F20065
.text C:\Windows\System32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 00F20FC3
.text C:\Windows\System32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 00F2000A
.text C:\Windows\System32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 00F20FB2
.text C:\Windows\System32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 00F2001B
.text C:\Windows\System32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 00F20036
.text C:\Windows\System32\svchost.exe[920] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 00FA0FEF
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 009D0062
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 009D00A2
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 009D0091
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 009D0FAF
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 009D0051
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 009D0F4D
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 009D0F72
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 009D0F83
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 009D0FCA
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 009D0EE8
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 009D001B
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 009D0F94
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 009D0FE5
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 009D0F28
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 009D0000
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 009D0F0D
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 009D0040
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_open 76647E48 5 Bytes JMP 008E000C
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 008E0FB2
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!system 7667B16F 5 Bytes JMP 008E0033
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 008E0FDE
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 008E0FC3
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wopen 76680570 5 Bytes JMP 008E0FEF
.text C:\Windows\System32\svchost.exe[968] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 00A2000A
.text C:\Windows\System32\svchost.exe[968] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 00A20FEF
.text C:\Windows\System32\svchost.exe[968] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 00A20025
.text C:\Windows\System32\svchost.exe[968] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 00A2004A
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 00970000
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 0097004E
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 00970069
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 00970FC7
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 00970011
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 0097007A
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 00970022
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 00970033
.text C:\Windows\System32\svchost.exe[968] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 00A3000A
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 00EA00BD
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 00EA00F3
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 00EA00E2
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 00EA0FCA
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 00EA00A2
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 00EA0076
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 00EA0065
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 00EA0FA8
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 00EA001B
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 00EA0F43
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 00EA0040
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 00EA0FB9
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateFileA 76AC28FC 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 00EA0000
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 00EA0F83
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 00EA0FE5
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 00EA0F72
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 00EA0087
.text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_open 76647E48 5 Bytes JMP 00A00000
.text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 00A00050
.text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!system 7667B16F 5 Bytes JMP 00A0003F
.text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 00A0001D
.text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 00A0002E
.text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_wopen 76680570 5 Bytes JMP 00A00FE3
.text C:\Windows\system32\svchost.exe[1032] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 00EB0000
.text C:\Windows\system32\svchost.exe[1032] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 00EB0011
.text C:\Windows\system32\svchost.exe[1032] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 00EB0022
.text C:\Windows\system32\svchost.exe[1032] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 00EB0FDB
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 00A5000A
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 00A5002F
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 00A50F8D
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 00A50F9E
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 00A50FEF
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 00A50054
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 00A50FD4
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 00A50FC3
.text C:\Windows\system32\svchost.exe[1032] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 00EC000A
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 00380F97
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 00380F6B
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 00380F7C
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 00380025
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 003800C0
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 00380FB2
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryExW 76ABB6BF 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 00380FC3
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 00380080
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateFileW 76AC0B5D 3 Bytes JMP 00380014
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateFileW + 4 76AC0B61 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetProcAddress 76AC1837 3 Bytes JMP 0038011B
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetProcAddress + 4 76AC183B 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryA 76AC2864 3 Bytes JMP 00380040
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryA + 4 76AC2868 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryW 76AC28B2 3 Bytes JMP 0038005B
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryW + 4 76AC28B6 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateFileA 76AC28FC 3 Bytes JMP 00380FEF
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateFileA + 4 76AC2900 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetStartupInfoW 76AC7CB5 3 Bytes JMP 003800E5
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetStartupInfoW + 4 76AC7CB9 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 00380FDE
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 00380100
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 003800AF
.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_open 76647E48 5 Bytes JMP 00210000
.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 00210FC3
.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!system 7667B16F 5 Bytes JMP 00210FDE
.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 00210FEF
.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 00210044
.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_wopen 76680570 5 Bytes JMP 00210029
.text C:\Windows\system32\svchost.exe[1152] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 00390FEF
.text C:\Windows\system32\svchost.exe[1152] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 00390000
.text C:\Windows\system32\svchost.exe[1152] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 0039001B
.text C:\Windows\system32\svchost.exe[1152] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 0039002C
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 00370FEF
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 00370036
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 00370058
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 00370047
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 00370FD4
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 00370073
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 0037000A
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 00370025
.text C:\Windows\system32\svchost.exe[1152] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 00520000
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 00960F65
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 00960F1E
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 00960F2F
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 00960F80
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 00960087
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 0096006C
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 0096005B
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 0096001B
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 009600CE
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 00960FDE
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 00960FC3
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateFileA 76AC28FC 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 00960000
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 00960F54
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 00960040
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 009600A9
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 00960098
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_open 76647E48 5 Bytes JMP 008C0FEF
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 008C0033
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!system 7667B16F 5 Bytes JMP 008C0022
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 008C0011
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 008C0FBC
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_wopen 76680570 5 Bytes JMP 008C0000
.text C:\Windows\system32\svchost.exe[1280] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 00970000
.text C:\Windows\system32\svchost.exe[1280] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 00970FEF
.text C:\Windows\system32\svchost.exe[1280] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 00970FDE
.text C:\Windows\system32\svchost.exe[1280] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 00970039
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 00910FE5
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 00910F9E
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 0091002F
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 00910F83
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 00910FD4
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 00910040
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 00910000
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 00910FAF
.text C:\Windows\system32\svchost.exe[1280] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 00980000
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 01220F94
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 0122011F
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 0122010E
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 01220036
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 012200B3
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 01220087
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 0122006C
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 01220FAF
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 0122001B
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 01220F6F
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 01220051
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 01220FC0
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 0122000A
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 012200D8
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 01220FE5
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 012200FD
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 012200A2
.text C:\Windows\system32\svchost.exe[1508] msvcrt.dll!_open 76647E48 5 Bytes JMP 01080FE3
.text C:\Windows\system32\svchost.exe[1508] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 01080051
.text C:\Windows\system32\svchost.exe[1508] msvcrt.dll!system 7667B16F 5 Bytes JMP 01080036
.text C:\Windows\system32\svchost.exe[1508] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 01080FC6
.text C:\Windows\system32\svchost.exe[1508] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 0108001B
.text C:\Windows\system32\svchost.exe[1508] msvcrt.dll!_wopen 76680570 5 Bytes JMP 01080000
.text C:\Windows\system32\svchost.exe[1508] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 01270FEF
.text C:\Windows\system32\svchost.exe[1508] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 0127000A
.text C:\Windows\system32\svchost.exe[1508] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 0127001B
.text C:\Windows\system32\svchost.exe[1508] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 0127002C
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 01090000
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 01090FAF
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 01090F8A
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 0109002C
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 01090011
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 01090051
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 01090FD1
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 01090FC0
.text C:\Windows\system32\svchost.exe[1508] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 01280FEF
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 045500B3
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 04550F40
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 045500D5
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 04550014
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 045500A2
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 04550087
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 0455006C
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 0455005B
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 04550FDE
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 045500E6
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 0455002F
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 0455004A
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 04550FEF
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 04550F6F
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 04550FC3
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 045500C4
.text C:\Windows\Explorer.EXE[1596] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 04550F94
.text C:\Windows\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 0454000A
.text C:\Windows\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 04540047
.text C:\Windows\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 04540073
.text C:\Windows\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 04540058
.text C:\Windows\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 0454001B
.text C:\Windows\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 04540084
.text C:\Windows\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 0454002C
.text C:\Windows\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 04540FDB
.text C:\Windows\Explorer.EXE[1596] msvcrt.dll!_open 76647E48 5 Bytes JMP 04480FEF
.text C:\Windows\Explorer.EXE[1596] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 04480044
.text C:\Windows\Explorer.EXE[1596] msvcrt.dll!system 7667B16F 5 Bytes JMP 04480FB9
.text C:\Windows\Explorer.EXE[1596] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 04480018
.text C:\Windows\Explorer.EXE[1596] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 04480029
.text C:\Windows\Explorer.EXE[1596] msvcrt.dll!_wopen 76680570 5 Bytes JMP 04480FDE
.text C:\Windows\Explorer.EXE[1596] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 04560000
.text C:\Windows\Explorer.EXE[1596] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 04560FE5
.text C:\Windows\Explorer.EXE[1596] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 0456001B
.text C:\Windows\Explorer.EXE[1596] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 04560036
.text C:\Windows\Explorer.EXE[1596] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 04570000
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 00970F39
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 00970098
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 00970F03
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 00970FB9
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 00970062
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 00970F68
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 00970F79
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 00970036
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 0097000A
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 00970EE8
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 00970025
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 00970F94
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 00970FEF
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 0097007D
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 00970FD4
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 00970F1E
.text C:\Windows\system32\svchost.exe[2956] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 00970051
.text C:\Windows\system32\svchost.exe[2956] msvcrt.dll!_open 76647E48 5 Bytes JMP 008D0000
.text C:\Windows\system32\svchost.exe[2956] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 008D0044
.text C:\Windows\system32\svchost.exe[2956] msvcrt.dll!system 7667B16F 5 Bytes JMP 008D0FB9
.text C:\Windows\system32\svchost.exe[2956] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 008D0FD4
.text C:\Windows\system32\svchost.exe[2956] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 008D0029
.text C:\Windows\system32\svchost.exe[2956] msvcrt.dll!_wopen 76680570 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\svchost.exe[2956] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 00A00FEF
.text C:\Windows\system32\svchost.exe[2956] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 00A00000
.text C:\Windows\system32\svchost.exe[2956] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 00A0001B
.text C:\Windows\system32\svchost.exe[2956] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 00A0002C
.text C:\Windows\system32\svchost.exe[2956] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[2956] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 0096001B
.text C:\Windows\system32\svchost.exe[2956] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 00960F94
.text C:\Windows\system32\svchost.exe[2956] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 00960036
.text C:\Windows\system32\svchost.exe[2956] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 00960FD4
.text C:\Windows\system32\svchost.exe[2956] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 00960051
.text C:\Windows\system32\svchost.exe[2956] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 00960FC3
.text C:\Windows\system32\svchost.exe[2956] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 0096000A
.text C:\Windows\system32\svchost.exe[2956] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 00A10FEF
.text C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe[3020] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 0041C130 C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe[3020] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 0041C1B0 C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 00060F83
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 000600EC
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 00060F61
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 00060FE5
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 000600A2
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 00060F9E
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 00060FAF
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 0006001B
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 00060F3C
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 00060FD4
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 0006005B
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!CreateFileA 76AC28FC 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 00060F72
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 00060036
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 000600DB
.text C:\Windows\System32\svchost.exe[3440] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 00060091
.text C:\Windows\System32\svchost.exe[3440] msvcrt.dll!_open 76647E48 5 Bytes JMP 0018000C
.text C:\Windows\System32\svchost.exe[3440] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 00180FC1
.text C:\Windows\System32\svchost.exe[3440] msvcrt.dll!system 7667B16F 5 Bytes JMP 00180FD2
.text C:\Windows\System32\svchost.exe[3440] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 00180027
.text C:\Windows\System32\svchost.exe[3440] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 00180038
.text C:\Windows\System32\svchost.exe[3440] msvcrt.dll!_wopen 76680570 5 Bytes JMP 00180FEF
.text C:\Windows\System32\svchost.exe[3440] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 001D000A
.text C:\Windows\System32\svchost.exe[3440] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 001D0FE5
.text C:\Windows\System32\svchost.exe[3440] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 001D001B
.text C:\Windows\System32\svchost.exe[3440] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 001D002C
.text C:\Windows\System32\svchost.exe[3440] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 00360000
.text C:\Windows\System32\svchost.exe[3440] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 00360F9B
.text C:\Windows\System32\svchost.exe[3440] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 0036003D
.text C:\Windows\System32\svchost.exe[3440] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 00360022
.text C:\Windows\System32\svchost.exe[3440] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 00360011
.text C:\Windows\System32\svchost.exe[3440] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 00360F8A
.text C:\Windows\System32\svchost.exe[3440] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 00360FDB
.text C:\Windows\System32\svchost.exe[3440] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 00360FC0
.text C:\Windows\System32\svchost.exe[3440] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 0038000A
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 000A0F3C
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 000A0094
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 000A0EF5
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 000A0014
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 000A0F4D
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 000A004A
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 000A0F72
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 000A0039
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 000A0FDE
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 000A00A5
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 000A0FA8
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 000A0F8D
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 000A0F2B
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 000A0FC3
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 000A0F10
.text C:\Windows\system32\svchost.exe[3472] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 000A0065
.text C:\Windows\system32\svchost.exe[3472] msvcrt.dll!_open 76647E48 5 Bytes JMP 00130000
.text C:\Windows\system32\svchost.exe[3472] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 00130FB7
.text C:\Windows\system32\svchost.exe[3472] msvcrt.dll!system 7667B16F 5 Bytes JMP 00130042
.text C:\Windows\system32\svchost.exe[3472] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 00130FD2
.text C:\Windows\system32\svchost.exe[3472] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 00130027
.text C:\Windows\system32\svchost.exe[3472] msvcrt.dll!_wopen 76680570 5 Bytes JMP 00130FE3
.text C:\Windows\system32\svchost.exe[3472] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 00180000
.text C:\Windows\system32\svchost.exe[3472] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 00180FDB
.text C:\Windows\system32\svchost.exe[3472] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 00180011
.text C:\Windows\system32\svchost.exe[3472] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 0018002C
.text C:\Windows\system32\svchost.exe[3472] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 00190FE5
.text C:\Windows\system32\svchost.exe[3472] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 00190F9E
.text C:\Windows\system32\svchost.exe[3472] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 00190F83
.text C:\Windows\system32\svchost.exe[3472] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 0019001B
.text C:\Windows\system32\svchost.exe[3472] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 00190000
.text C:\Windows\system32\svchost.exe[3472] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 00190F72
.text C:\Windows\system32\svchost.exe[3472] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 00190FD4
.text C:\Windows\system32\svchost.exe[3472] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 00190FAF
.text C:\Windows\system32\svchost.exe[3472] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 00020FEF
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 00060F4D
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 00060F17
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 000600A2
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 0006001B
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 00060F5E
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 00060F79
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 00060F8A
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 00060047
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 00060FDE
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 000600D1
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 00060FA5
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 0006002C
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 00060FEF
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 00060087
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 0006000A
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 00060F32
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[3796] msvcrt.dll!_open 76647E48 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\svchost.exe[3796] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 000F0F8D
.text C:\Windows\system32\svchost.exe[3796] msvcrt.dll!system 7667B16F 5 Bytes JMP 000F0018
.text C:\Windows\system32\svchost.exe[3796] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 000F0FC3
.text C:\Windows\system32\svchost.exe[3796] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 000F0FB2
.text C:\Windows\system32\svchost.exe[3796] msvcrt.dll!_wopen 76680570 5 Bytes JMP 000F0FDE
.text C:\Windows\system32\svchost.exe[3796] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 0014000A
.text C:\Windows\system32\svchost.exe[3796] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 00140FEF
.text C:\Windows\system32\svchost.exe[3796] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 00140FDE
.text C:\Windows\system32\svchost.exe[3796] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 00140FCD
.text C:\Windows\system32\svchost.exe[3796] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 00190FEF
.text C:\Windows\system32\svchost.exe[3796] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 00190039
.text C:\Windows\system32\svchost.exe[3796] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 00190065
.text C:\Windows\system32\svchost.exe[3796] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 00190054
.text C:\Windows\system32\svchost.exe[3796] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 00190FDE
.text C:\Windows\system32\svchost.exe[3796] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 00190FA8
.text C:\Windows\system32\svchost.exe[3796] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 00190014
.text C:\Windows\system32\svchost.exe[3796] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 00190FCD
.text C:\Windows\system32\svchost.exe[3796] WS2_32.dll!socket 77EC3F00 5 Bytes JMP 001F0000
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!GetStartupInfoA 76A71DF0 5 Bytes JMP 0007008A
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 000700E2
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 000700D1
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!CreateNamedPipeW 76AA1FD6 5 Bytes JMP 00070F9E
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!CreatePipe 76AA4A8B 5 Bytes JMP 00070F61
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!VirtualProtect 76AB50AB 5 Bytes JMP 00070054
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!LoadLibraryExW 76ABB6BF 5 Bytes JMP 00070039
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!LoadLibraryExA 76ABBC8B 5 Bytes JMP 00070028
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!CreateFileW 76AC0B5D 5 Bytes JMP 00070FD4
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!GetProcAddress 76AC1837 5 Bytes JMP 00070F32
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!LoadLibraryA 76AC2864 5 Bytes JMP 00070F8D
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!LoadLibraryW 76AC28B2 5 Bytes JMP 00070F7C
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!CreateFileA 76AC28FC 5 Bytes JMP 00070FEF
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!GetStartupInfoW 76AC7CB5 5 Bytes JMP 000700A5
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!CreateNamedPipeA 76AFD4DF 5 Bytes JMP 00070FB9
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!WinExec 76AFE695 5 Bytes JMP 000700B6
.text C:\Windows\system32\wuauclt.exe[5496] kernel32.dll!VirtualProtectEx 76AFF651 5 Bytes JMP 0007006F
.text C:\Windows\system32\wuauclt.exe[5496] msvcrt.dll!_open 76647E48 5 Bytes JMP 00140FEF
.text C:\Windows\system32\wuauclt.exe[5496] msvcrt.dll!_wsystem 7667B04F 5 Bytes JMP 0014003D
.text C:\Windows\system32\wuauclt.exe[5496] msvcrt.dll!system 7667B16F 5 Bytes JMP 00140FB2
.text C:\Windows\system32\wuauclt.exe[5496] msvcrt.dll!_creat 7667ED29 5 Bytes JMP 00140022
.text C:\Windows\system32\wuauclt.exe[5496] msvcrt.dll!_wcreat 7668038E 5 Bytes JMP 00140FC3
.text C:\Windows\system32\wuauclt.exe[5496] msvcrt.dll!_wopen 76680570 5 Bytes JMP 00140FDE
.text C:\Windows\system32\wuauclt.exe[5496] ADVAPI32.dll!RegOpenKeyA 7687D2ED 5 Bytes JMP 00150000
.text C:\Windows\system32\wuauclt.exe[5496] ADVAPI32.dll!RegCreateKeyA 7687D3C1 5 Bytes JMP 00150040
.text C:\Windows\system32\wuauclt.exe[5496] ADVAPI32.dll!RegCreateKeyExA 76881B71 5 Bytes JMP 00150FB9
.text C:\Windows\system32\wuauclt.exe[5496] ADVAPI32.dll!RegCreateKeyW 76881CC0 5 Bytes JMP 00150051
.text C:\Windows\system32\wuauclt.exe[5496] ADVAPI32.dll!RegOpenKeyW 76883129 5 Bytes JMP 00150FEF
.text C:\Windows\system32\wuauclt.exe[5496] ADVAPI32.dll!RegCreateKeyExW 7688B946 5 Bytes JMP 00150F9E
.text C:\Windows\system32\wuauclt.exe[5496] ADVAPI32.dll!RegOpenKeyExA 7688BC0D 5 Bytes JMP 00150025
.text C:\Windows\system32\wuauclt.exe[5496] ADVAPI32.dll!RegOpenKeyExW 7688BEC4 5 Bytes JMP 00150FD4
.text C:\Windows\system32\wuauclt.exe[5496] WININET.dll!InternetOpenA 76B77E1C 5 Bytes JMP 0018000A
.text C:\Windows\system32\wuauclt.exe[5496] WININET.dll!InternetOpenW 76B79DA0 5 Bytes JMP 00180FE5
.text C:\Windows\system32\wuauclt.exe[5496] WININET.dll!InternetOpenUrlA 76B7DC18 5 Bytes JMP 0018001B
.text C:\Windows\system32\wuauclt.exe[5496] WININET.dll!InternetOpenUrlW 76BCDC14 5 Bytes JMP 00180FCA

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DC5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[108] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DC5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DC5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[108] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75DC5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[108] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DC5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[108] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75DC5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[792] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DC5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[792] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DC5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[792] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DC5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[792] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DC5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[792] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75DC5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[792] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75DC5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW] [005DD6B4] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [005DD646] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1040] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74B2250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74B22494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74B05624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74B056E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74B18573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74B14D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74B150CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74B151A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74B166D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74B182CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74B18819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74B1907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74B1E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74B14C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device -> \Driver\nvstor32 \Device\Harddisk0\DR0 861F0369

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\nvstor32.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 08 December 2009 - 02:05 PM

Hi,


One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards.





Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    nvstor32*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
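
The `:filefind nvstor32*` step above makes SystemLook list every file on disk whose name starts with `nvstor32`, so the helper can compare the driver GMER flagged as a "suspicious modification" against any other copies of it. The script below is an added example for readers, not SystemLook's code and not part of this thread: it does the same case-insensitive search over a directory tree, fingerprints each hit with size, modification time and SHA-256, and reports whether copies sharing one file name disagree, which is the comparison a helper would make by hand. The directory layout it builds, the file names and the bytes in them are constructed for offline demonstration and are assumptions, not the poster's disk.

```python
import fnmatch
import hashlib
import os
import tempfile
import time


def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so a large driver never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def filefind(root, pattern):
    """Walk `root` and fingerprint every file whose name matches the glob `pattern`.

    Matching is case-insensitive, as NTFS names are. Returns dicts sorted by path.
    """
    pat = pattern.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not fnmatch.fnmatchcase(name.lower(), pat):
                continue
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            hits.append({
                "path": path,
                "size": st.st_size,
                "mtime": time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(st.st_mtime)),
                "sha256": sha256_of(path),
            })
    return sorted(hits, key=lambda h: h["path"].lower())


def copies_disagree(hits):
    """Group hits by file name; True for a name whose copies do not share one hash.

    A live driver under system32\\drivers whose hash differs from a copy kept
    elsewhere (WinSxS, driver store, install media) deserves a closer look.
    """
    by_name = {}
    for h in hits:
        by_name.setdefault(os.path.basename(h["path"]).lower(), set()).add(h["sha256"])
    return {name: len(hashes) > 1 for name, hashes in by_name.items()}


def format_report(hits, disagree):
    """Render hits and the per-name verdict as plain text for a forum reply."""
    lines = []
    for h in hits:
        lines.append(h["path"])
        lines.append(f"    {h['size']} bytes  modified {h['mtime']} UTC  sha256 {h['sha256']}")
    for name, flag in sorted(disagree.items()):
        lines.append(f"{name}: {'copies DIFFER' if flag else 'all copies identical'}")
    return "\n".join(lines)


def build_demo_tree():
    """Build a constructed directory layout (assumption: not anyone's real disk)."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    layout = {
        # constructed: a 'live' copy whose bytes differ from the backup copy
        "Windows/system32/drivers/nvstor32.sys": b"MZ" + b"\x00" * 64 + b"PATCHED",
        "Windows/winsxs/x86_nvstor_demo/nvstor32.sys": b"MZ" + b"\x00" * 64,
        # constructed: a neighbour that must not match the nvstor32* pattern
        "Windows/system32/drivers/nvraid.sys": b"MZ" + b"\x00" * 32,
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return root


def demo():
    """Run the search on the constructed tree; returns (hits, per-name disagreement)."""
    root = build_demo_tree()
    hits = filefind(root, "nvstor32*")
    return hits, copies_disagree(hits)


if __name__ == "__main__":
    found, verdict = demo()
    print(format_report(found, verdict))
```

Run it against a real system by calling `filefind(r"C:\Windows", "nvstor32*")` instead of the demo tree; a hash that matches no other copy on the machine is not proof of tampering on its own, but it tells the helper which file to pull and inspect.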

#7 Thakidd33

Thakidd33
  • Topic Starter

  • Members
  • 8 posts

Posted 08 December 2009 - 02:35 PM

OK, so this morning I tried to turn on my computer and it wouldn't start. It said Windows couldn't start... it said a recently downloaded program may be preventing it from starting... I haven't downloaded anything since you told me not to while you're helping me, so I don't know why it would do that... but it let me do a system restore... so I restored it back to the 2nd of this month and the search redirection is not happening and McAfee is not popping up saying it blocked and deleted the generic trojan every 5 minutes... do you want me to still do the SystemLook?

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 08 December 2009 - 03:03 PM

No, but please post back with a fresh GMER logfile so I can have a look at whether the rootkit has really gone away :(.
regards,
schrauber


#9 Thakidd33

Thakidd33
  • Topic Starter

  • Members
  • 8 posts

Posted 08 December 2009 - 03:26 PM

OK, got a problem now... it won't finish running GMER... the first time, after I downloaded it again, it stopped working, I believe when it was getting ready to finish the full scan... then when I tried to run it again it gave me the BSOD... after restarting I tried to run GMER again but it did the same thing. I didn't re-run it a second time; I'm writing to let you know... what do you think? I had McAfee off... all programs closed.

#10 Thakidd33

Thakidd33
  • Topic Starter

  • Members
  • 8 posts

Posted 08 December 2009 - 04:06 PM

OK, never mind, I got it to work... forgot about the zip version. OK, here's the log...



GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-08 13:05:23
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Ty\AppData\Local\Temp\pgrdipoc.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83431AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83431104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 834313F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8341A2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83419898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 834311DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83431958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 834316F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83431F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 834321A8

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8FA7579E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8FA75738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8FA7574C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8FA75762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8FA757DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8FA7581F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8FA75710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8FA75724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8FA757B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8FA75847]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8FA75833]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8FA7578A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8FA75776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8FA7580B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8FA757F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8FA757C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 83032128 5 Bytes JMP 8FA757CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8304A579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8306EF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 91F32C9D 28 Bytes [84, 70, AA, 5D, B1, 77, 00, ...]
.text peauth.sys 91F32CC1 28 Bytes [84, 70, AA, 5D, B1, 77, 00, ...]
PAGE peauth.sys 91F38E20 101 Bytes [89, BB, C9, 64, 68, 37, EA, ...]
PAGE peauth.sys 91F3902C 102 Bytes [10, 18, 28, 09, 84, 52, CF, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtCreateFile + 6 773F4A16 4 Bytes [28, 00, 06, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtCreateFile + B 773F4A1B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtOpenFile + 6 773F5126 4 Bytes [68, 00, 06, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtOpenFile + B 773F512B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtOpenProcess + 6 773F51D6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtOpenProcess + B 773F51DB 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtOpenProcessToken + B 773F51EB 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtOpenProcessTokenEx + 6 773F51F6 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtOpenProcessTokenEx + B 773F51FB 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtOpenThread + 6 773F5256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtOpenThread + B 773F525B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtOpenThreadToken + 6 773F5266 4 Bytes [68, 02, 06, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtOpenThreadToken + B 773F526B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtOpenThreadTokenEx + B 773F527B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtQueryAttributesFile + 6 773F5386 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtQueryAttributesFile + B 773F538B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtQueryFullAttributesFile + B 773F543B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtSetInformationFile + 6 773F5A86 4 Bytes [28, 01, 06, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtSetInformationFile + B 773F5A8B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtSetInformationThread + 6 773F5AE6 4 Bytes [28, 02, 06, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[108] ntdll.dll!NtSetInformationThread + B 773F5AEB 1 Byte [E2]
.text C:\Windows\system32\services.exe[540] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 00120F2B
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 0012009B
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 0012008A
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 0012000A
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 00120F3C
.text C:\Windows\system32\services.exe[540] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 00120F72
.text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 0012004A
.text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 00120039
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 00120FDE
.text C:\Windows\system32\services.exe[540] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 00120EEB
.text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 00120FA8
.text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 00120F8D
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 00120FEF
.text C:\Windows\system32\services.exe[540] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 00120F1A
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 00120FB9
.text C:\Windows\system32\services.exe[540] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 00120079
.text C:\Windows\system32\services.exe[540] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 00120F57
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_open 77327E48 5 Bytes JMP 00200000
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 00200FC0
.text C:\Windows\system32\services.exe[540] msvcrt.dll!system 7735B16F 5 Bytes JMP 00200FD1
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 0020003A
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 0020004B
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_wopen 77360570 5 Bytes JMP 00200029
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 00110FEF
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 00110028
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 00110FA1
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 00110043
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 00110FDE
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 00110F86
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 00110FCD
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 00110FBC
.text C:\Windows\system32\services.exe[540] WS2_32.dll!socket 76893F00 5 Bytes JMP 00100FEF
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 001000CB
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 00100F51
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 001000F0
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 00100FDB
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 001000BA
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 0010008E
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 0010007D
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 00100062
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 00100011
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 0010010B
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 00100FCA
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 00100047
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateFileA 76E228FC 1 Byte [E9]
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 00100000
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 00100F87
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 0010002C
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 00100F6C
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 001000A9
.text C:\Windows\system32\lsass.exe[568] msvcrt.dll!_open 77327E48 5 Bytes JMP 00120000
.text C:\Windows\system32\lsass.exe[568] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 00120F86
.text C:\Windows\system32\lsass.exe[568] msvcrt.dll!system 7735B16F 5 Bytes JMP 00120FAB
.text C:\Windows\system32\lsass.exe[568] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 00120011
.text C:\Windows\system32\lsass.exe[568] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 00120FBC
.text C:\Windows\system32\lsass.exe[568] msvcrt.dll!_wopen 77360570 5 Bytes JMP 00120FE3
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 000F000A
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 000F0051
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 000F0FB9
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 000F0FCA
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 000F0025
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 000F0F9E
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 000F0040
.text C:\Windows\system32\lsass.exe[568] WS2_32.dll!socket 76893F00 5 Bytes JMP 0011000A
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 002400CB
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 00240F6C
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 00240F87
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 00240047
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 00240FA2
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 0024009F
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 0024008E
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 0024007D
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 0024001B
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 0024011C
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 00240FDB
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 0024006C
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 0024000A
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 002400E6
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 00240036
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 00240101
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 002400B0
.text C:\Windows\system32\svchost.exe[740] msvcrt.dll!_open 77327E48 5 Bytes JMP 00250000
.text C:\Windows\system32\svchost.exe[740] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 00250FAB
.text C:\Windows\system32\svchost.exe[740] msvcrt.dll!system 7735B16F 5 Bytes JMP 00250FBC
.text C:\Windows\system32\svchost.exe[740] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 00250011
.text C:\Windows\system32\svchost.exe[740] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 0025002C
.text C:\Windows\system32\svchost.exe[740] msvcrt.dll!_wopen 77360570 5 Bytes JMP 00250FD7
.text C:\Windows\system32\svchost.exe[740] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 00230000
.text C:\Windows\system32\svchost.exe[740] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 00230FAF
.text C:\Windows\system32\svchost.exe[740] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 00230036
.text C:\Windows\system32\svchost.exe[740] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 00230F94
.text C:\Windows\system32\svchost.exe[740] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 00230FDB
.text C:\Windows\system32\svchost.exe[740] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 00230051
.text C:\Windows\system32\svchost.exe[740] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 0023001B
.text C:\Windows\system32\svchost.exe[740] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 00230FCA
.text C:\Windows\system32\svchost.exe[740] WS2_32.dll!socket 76893F00 5 Bytes JMP 00BE0FEF
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 005F008E
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 005F0F2C
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 005F00C1
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 005F0036
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 005F0F65
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 005F0F8A
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 005F006C
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 005F0FAF
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 005F0025
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 005F0F1B
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 005F0051
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 005F0FC0
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateFileA 76E228FC 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 005F0000
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 005F009F
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 005F0FEF
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 005F00B0
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 005F007D
.text C:\Windows\system32\svchost.exe[824] msvcrt.dll!_open 77327E48 5 Bytes JMP 00610FE3
.text C:\Windows\system32\svchost.exe[824] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 00610F92
.text C:\Windows\system32\svchost.exe[824] msvcrt.dll!system 7735B16F 5 Bytes JMP 0061001D
.text C:\Windows\system32\svchost.exe[824] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 00610FC8
.text C:\Windows\system32\svchost.exe[824] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 00610FB7
.text C:\Windows\system32\svchost.exe[824] msvcrt.dll!_wopen 77360570 5 Bytes JMP 00610000
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 005E0FEF
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 005E0FDE
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 005E008A
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 005E0065
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 005E000A
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 005E009B
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 005E002F
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 005E004A
.text C:\Windows\system32\svchost.exe[824] WS2_32.dll!socket 76893F00 5 Bytes JMP 00600FEF
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 00910F28
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 00910087
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 00910EF2
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 00910FB9
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 00910051
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 00910F4D
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 0091002F
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 00910F72
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 00910FD4
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 00910ECD
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 00910F9E
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 00910F83
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 00910FEF
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 00910062
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 0091000A
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 00910F0D
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 00910040
.text C:\Windows\System32\svchost.exe[924] msvcrt.dll!_open 77327E48 5 Bytes JMP 00EF0000
.text C:\Windows\System32\svchost.exe[924] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 00EF0042
.text C:\Windows\System32\svchost.exe[924] msvcrt.dll!system 7735B16F 5 Bytes JMP 00EF0FAD
.text C:\Windows\System32\svchost.exe[924] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 00EF001D
.text C:\Windows\System32\svchost.exe[924] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 00EF0FBE
.text C:\Windows\System32\svchost.exe[924] msvcrt.dll!_wopen 77360570 5 Bytes JMP 00EF0FEF
.text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 00900000
.text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 00900047
.text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 00900FC0
.text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 00900058
.text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 00900011
.text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 00900087
.text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 00900022
.text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 00900FD1
.text C:\Windows\System32\svchost.exe[924] WS2_32.dll!socket 76893F00 5 Bytes JMP 00EE0FEF
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 009A0F8A
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 009A0F5E
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 009A00E9
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 009A002F
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 009A0FA5
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 009A00A2
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 009A007D
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 009A006C
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 009A0FD4
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 009A010E
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 009A0040
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 009A0051
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 009A0FE5
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 009A00D8
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 009A000A
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 009A0F79
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 009A00BD
.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_open 77327E48 5 Bytes JMP 009D0000
.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 009D002C
.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!system 7735B16F 5 Bytes JMP 009D0FA1
.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 009D0FD7
.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 009D0FBC
.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_wopen 77360570 5 Bytes JMP 009D0011
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 00990FEF
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 00990036
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 00990047
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 00990FAF
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 0099000A
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 00990F80
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 00990FD4
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 0099001B
.text C:\Windows\System32\svchost.exe[964] WS2_32.dll!socket 76893F00 5 Bytes JMP 009B0FEF
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 00E50F65
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 00E50F39
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 00E50F54
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 00E50FD4
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 00E50F76
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 00E50F91
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 00E50073
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 00E50062
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 00E5001B
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 00E50F28
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 00E50036
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 00E50047
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateFileA 76E228FC 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 00E50000
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 00E500A9
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 00E50FE5
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 00E500C4
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 00E5008E
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_open 77327E48 5 Bytes JMP 00EF0000
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 00EF0FBE
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!system 7735B16F 5 Bytes JMP 00EF0049
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 00EF002E
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 00EF0FD9
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wopen 77360570 5 Bytes JMP 00EF001D
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 00E40000
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 00E4001B
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 00E4002C
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 00E40F94
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 00E40FE5
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 00E40047
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 00E40FCA
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 00E40FB9
.text C:\Windows\system32\svchost.exe[1000] WS2_32.dll!socket 76893F00 5 Bytes JMP 00EE0000
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 007F00D1
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 007F0F4D
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 007F0F72
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 007F003D
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 007F0F9E
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!VirtualProtect 76E150AB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 007F0FAF
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 007F0087
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 007F0FC0
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 007F001B
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 007F0F3C
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 007F004E
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 007F0FD1
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateFileA 76E228FC 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 007F0000
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 007F0F8D
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 007F002C
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 007F00EC
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 007F00AC
.text C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_open 77327E48 5 Bytes JMP 00840FE3
.text C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 00840F90
.text C:\Windows\system32\svchost.exe[1124] msvcrt.dll!system 7735B16F 5 Bytes JMP 00840FAB
.text C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 00840FC6
.text C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 0084001B
.text C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_wopen 77360570 5 Bytes JMP 00840000
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 007E0000
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 007E0036
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 007E0F94
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 007E0FA5
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 007E0011
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 007E0F79
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 007E0FE5
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 007E0FD4
.text C:\Windows\system32\svchost.exe[1124] WS2_32.dll!socket 76893F00 5 Bytes JMP 00850FEF
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 00970F5E
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 00970F32
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 009700C7
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 00970FC3
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 00970F6F
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 0097006C
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 0097005B
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 0097004A
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 00970FEF
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 00970F17
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 0097002F
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 00970FB2
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 0097000A
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 00970F4D
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 00970FD4
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 009700AC
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 0097007D
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_open 77327E48 5 Bytes JMP 009D000C
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 009D0FAD
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!system 7735B16F 5 Bytes JMP 009D0038
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 009D0FD9
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 009D0FC8
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_wopen 77360570 5 Bytes JMP 009D001D
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 008E0FEF
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 008E0F9E
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 008E0F7C
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 008E0F8D
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 008E0FDE
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 008E0F61
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 008E0014
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 008E0FB9
.text C:\Windows\system32\svchost.exe[1212] WS2_32.dll!socket 76893F00 5 Bytes JMP 00980000
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 00E20F8A
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 00E200E2
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 00E20F43
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 00E20036
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 00E200A9
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 00E20FA5
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 00E20073
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 00E20062
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 00E2000A
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 00E20F28
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 00E20FCA
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 00E20051
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 00E20FEF
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 00E20F6F
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 00E2001B
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 00E20F5E
.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 00E20098
.text C:\Windows\system32\svchost.exe[1368] msvcrt.dll!_open 77327E48 5 Bytes JMP 00E40000
.text C:\Windows\system32\svchost.exe[1368] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 00E40F9A
.text C:\Windows\system32\svchost.exe[1368] msvcrt.dll!system 7735B16F 5 Bytes JMP 00E40FB5
.text C:\Windows\system32\svchost.exe[1368] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 00E40FD7
.text C:\Windows\system32\svchost.exe[1368] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 00E40FC6
.text C:\Windows\system32\svchost.exe[1368] msvcrt.dll!_wopen 77360570 5 Bytes JMP 00E40011
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 00A80000
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 00A80FA5
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 00A80040
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 00A80F94
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 00A80FE5
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 00A80F83
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 00A8001B
.text C:\Windows\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 00A80FC0
.text C:\Windows\system32\svchost.exe[1368] WS2_32.dll!socket 76893F00 5 Bytes JMP 00E30000
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 007B0098
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 007B00FA
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 007B00D5
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 007B001B
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 007B0F6F
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 007B006C
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 007B0051
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 007B0040
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 007B0FEF
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 007B0F4A
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 007B0FB9
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 007B0FA8
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!CreateFileA 76E228FC 1 Byte [E9]
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 007B0000
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 007B00A9
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 007B0FCA
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 007B00C4
.text C:\Windows\Explorer.EXE[1764] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 007B007D
.text C:\Windows\Explorer.EXE[1764] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 00760FE5
.text C:\Windows\Explorer.EXE[1764] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 00760025
.text C:\Windows\Explorer.EXE[1764] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 00760F79
.text C:\Windows\Explorer.EXE[1764] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 00760F9E
.text C:\Windows\Explorer.EXE[1764] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 00760FD4
.text C:\Windows\Explorer.EXE[1764] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 00760F68
.text C:\Windows\Explorer.EXE[1764] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 0076000A
.text C:\Windows\Explorer.EXE[1764] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 00760FB9
.text C:\Windows\Explorer.EXE[1764] msvcrt.dll!_open 77327E48 5 Bytes JMP 007C0FE3
.text C:\Windows\Explorer.EXE[1764] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 007C0FA6
.text C:\Windows\Explorer.EXE[1764] msvcrt.dll!system 7735B16F 5 Bytes JMP 007C0FB7
.text C:\Windows\Explorer.EXE[1764] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 007C000C
.text C:\Windows\Explorer.EXE[1764] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 007C001D
.text C:\Windows\Explorer.EXE[1764] msvcrt.dll!_wopen 77360570 5 Bytes JMP 007C0FD2
.text C:\Windows\Explorer.EXE[1764] WININET.dll!InternetOpenA 767B7E1C 5 Bytes JMP 03F60000
.text C:\Windows\Explorer.EXE[1764] WININET.dll!InternetOpenW 767B9DA0 5 Bytes JMP 03F6001B
.text C:\Windows\Explorer.EXE[1764] WININET.dll!InternetOpenUrlA 767BDC18 5 Bytes JMP 03F60FE5
.text C:\Windows\Explorer.EXE[1764] WININET.dll!InternetOpenUrlW 7680DC14 5 Bytes JMP 03F60FCA
.text C:\Windows\Explorer.EXE[1764] WS2_32.dll!socket 76893F00 5 Bytes JMP 039E0FEF
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 00380F68
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 003800E2
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 003800C7
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 0038002F
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 00380F79
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 00380087
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 00380076
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 00380065
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 00380014
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 003800F3
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 0038004A
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 00380FC3
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 00380FEF
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 00380F57
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 00380FDE
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 003800B6
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 00380F8A
.text C:\Windows\system32\svchost.exe[1800] msvcrt.dll!_open 77327E48 5 Bytes JMP 003E0FEF
.text C:\Windows\system32\svchost.exe[1800] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 003E006E
.text C:\Windows\system32\svchost.exe[1800] msvcrt.dll!system 7735B16F 5 Bytes JMP 003E005D
.text C:\Windows\system32\svchost.exe[1800] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 003E0027
.text C:\Windows\system32\svchost.exe[1800] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 003E0038
.text C:\Windows\system32\svchost.exe[1800] msvcrt.dll!_wopen 77360570 5 Bytes JMP 003E000C
.text C:\Windows\system32\svchost.exe[1800] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 00330FE5
.text C:\Windows\system32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 00330025
.text C:\Windows\system32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 00330F83
.text C:\Windows\system32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 00330FA8
.text C:\Windows\system32\svchost.exe[1800] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 00330FD4
.text C:\Windows\system32\svchost.exe[1800] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 00330040
.text C:\Windows\system32\svchost.exe[1800] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 0033000A
.text C:\Windows\system32\svchost.exe[1800] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 00330FB9
.text C:\Windows\system32\svchost.exe[1800] WS2_32.dll!socket 76893F00 5 Bytes JMP 003D0FEF
.text C:\Windows\system32\svchost.exe[1800] WININET.dll!InternetOpenA 767B7E1C 5 Bytes JMP 00370FEF
.text C:\Windows\system32\svchost.exe[1800] WININET.dll!InternetOpenW 767B9DA0 5 Bytes JMP 00370000
.text C:\Windows\system32\svchost.exe[1800] WININET.dll!InternetOpenUrlA 767BDC18 5 Bytes JMP 00370FD4
.text C:\Windows\system32\svchost.exe[1800] WININET.dll!InternetOpenUrlW 7680DC14 5 Bytes JMP 0037002F
.text C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe[1896] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 0041C130 C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe[1896] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 0041C1B0 C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtCreateFile + 6 773F4A16 4 Bytes [28, 00, 16, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtCreateFile + B 773F4A1B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenFile + 6 773F5126 4 Bytes [68, 00, 16, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenFile + B 773F512B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcess + 6 773F51D6 4 Bytes [A8, 01, 16, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcess + B 773F51DB 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcessToken + B 773F51EB 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcessTokenEx + 6 773F51F6 4 Bytes [A8, 02, 16, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcessTokenEx + B 773F51FB 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThread + 6 773F5256 4 Bytes [68, 01, 16, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThread + B 773F525B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThreadToken + 6 773F5266 4 Bytes [68, 02, 16, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThreadToken + B 773F526B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThreadTokenEx + B 773F527B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtQueryAttributesFile + 6 773F5386 4 Bytes [A8, 00, 16, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtQueryAttributesFile + B 773F538B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtQueryFullAttributesFile + B 773F543B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtSetInformationFile + 6 773F5A86 4 Bytes [28, 01, 16, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtSetInformationFile + B 773F5A8B 1 Byte [E2]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtSetInformationThread + 6 773F5AE6 4 Bytes [28, 02, 16, 00]
.text C:\Users\Ty\AppData\Local\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtSetInformationThread + B 773F5AEB 1 Byte [E2]
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 00010F68
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 000100C7
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 000100AC
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 00010025
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 00010091
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 00010076
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 00010065
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 0001004A
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 00010FDB
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 000100D8
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 00010FB9
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 00010FA8
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!CreateFileA 76E228FC 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 00010F4D
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 00010FCA
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 00010F32
.text C:\Windows\system32\svchost.exe[2468] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 00010F83
.text C:\Windows\system32\svchost.exe[2468] msvcrt.dll!_open 77327E48 5 Bytes JMP 000D0FEF
.text C:\Windows\system32\svchost.exe[2468] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 000D0027
.text C:\Windows\system32\svchost.exe[2468] msvcrt.dll!system 7735B16F 5 Bytes JMP 000D0016
.text C:\Windows\system32\svchost.exe[2468] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 000D0FC1
.text C:\Windows\system32\svchost.exe[2468] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 000D0FA6
.text C:\Windows\system32\svchost.exe[2468] msvcrt.dll!_wopen 77360570 5 Bytes JMP 000D0FD2
.text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 000E0FEF
.text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 000E004A
.text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 000E0FA8
.text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 000E0FB9
.text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 000E000A
.text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 000E0F8D
.text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 000E002F
.text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 000E0FDE
.text C:\Windows\system32\svchost.exe[2468] WS2_32.dll!socket 76893F00 5 Bytes JMP 002D0FEF
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 00010F1E
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 000100A2
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 00010FB9
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 00010047
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 00010F5E
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 00010F79
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 0001002C
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 00010FDE
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 00010EE8
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 0001001B
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 00010F94
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 00010062
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 0001000A
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 00010F0D
.text C:\Windows\system32\svchost.exe[3268] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 00010F43
.text C:\Windows\system32\svchost.exe[3268] msvcrt.dll!_open 77327E48 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[3268] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 00060F9A
.text C:\Windows\system32\svchost.exe[3268] msvcrt.dll!system 7735B16F 5 Bytes JMP 00060FAB
.text C:\Windows\system32\svchost.exe[3268] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 00060FD7
.text C:\Windows\system32\svchost.exe[3268] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 00060FBC
.text C:\Windows\system32\svchost.exe[3268] msvcrt.dll!_wopen 77360570 5 Bytes JMP 00060011
.text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 00170FEF
.text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 00170F9E
.text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 00170F83
.text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 00170025
.text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 00170FCA
.text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 00170F5E
.text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 00170FB9
.text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 0017000A
.text C:\Windows\system32\svchost.exe[3268] WS2_32.dll!socket 76893F00 5 Bytes JMP 00330FEF
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 0001009B
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 000100C7
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 000100AC
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 00010FB9
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 00010080
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 0001005B
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 00010F83
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 00010040
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 0001000A
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 00010F0D
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 00010025
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 00010FA8
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 00010FEF
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 00010F57
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 00010FDE
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 00010F32
.text C:\Windows\System32\svchost.exe[4360] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 00010F68
.text C:\Windows\System32\svchost.exe[4360] msvcrt.dll!_open 77327E48 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[4360] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 00060F9A
.text C:\Windows\System32\svchost.exe[4360] msvcrt.dll!system 7735B16F 5 Bytes JMP 00060025
.text C:\Windows\System32\svchost.exe[4360] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 00060FBC
.text C:\Windows\System32\svchost.exe[4360] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 00060FAB
.text C:\Windows\System32\svchost.exe[4360] msvcrt.dll!_wopen 77360570 5 Bytes JMP 00060FE3
.text C:\Windows\System32\svchost.exe[4360] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 001E0FE5
.text C:\Windows\System32\svchost.exe[4360] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 001E003D
.text C:\Windows\System32\svchost.exe[4360] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 001E0FAC
.text C:\Windows\System32\svchost.exe[4360] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 001E0058
.text C:\Windows\System32\svchost.exe[4360] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 001E0000
.text C:\Windows\System32\svchost.exe[4360] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 001E0069
.text C:\Windows\System32\svchost.exe[4360] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[4360] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 001E0011
.text C:\Windows\System32\svchost.exe[4360] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 001E0022
.text C:\Windows\System32\svchost.exe[4360] wininet.dll!InternetOpenA 767B7E1C 5 Bytes JMP 002C0FE5
.text C:\Windows\System32\svchost.exe[4360] wininet.dll!InternetOpenW 767B9DA0 5 Bytes JMP 002C0FD4
.text C:\Windows\System32\svchost.exe[4360] wininet.dll!InternetOpenUrlA 767BDC18 5 Bytes JMP 002C000A
.text C:\Windows\System32\svchost.exe[4360] wininet.dll!InternetOpenUrlW 7680DC14 5 Bytes JMP 002C0FB9
.text C:\Windows\System32\svchost.exe[4360] WS2_32.dll!socket 76893F00 5 Bytes JMP 002D0FEF
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!GetStartupInfoA 76DD1DF0 5 Bytes JMP 000100A5
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 000100F6
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!CreateProcessA 76DD2062 5 Bytes JMP 000100E5
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!CreateNamedPipeW 76E01FD6 5 Bytes JMP 00010FB2
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!CreatePipe 76E04A8B 5 Bytes JMP 00010094
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 00010F86
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!LoadLibraryExW 76E1B6BF 5 Bytes JMP 00010054
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!LoadLibraryExA 76E1BC8B 5 Bytes JMP 00010F97
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!CreateFileW 76E20B5D 5 Bytes JMP 00010FD4
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!GetProcAddress 76E21837 5 Bytes JMP 00010111
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!LoadLibraryA 76E22864 5 Bytes JMP 00010028
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!LoadLibraryW 76E228B2 5 Bytes JMP 00010039
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!CreateFileA 76E228FC 5 Bytes JMP 00010FE5
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!GetStartupInfoW 76E27CB5 5 Bytes JMP 00010F61
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!CreateNamedPipeA 76E5D4DF 5 Bytes JMP 00010FC3
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!WinExec 76E5E695 5 Bytes JMP 000100CA
.text C:\Windows\system32\wuauclt.exe[4952] kernel32.dll!VirtualProtectEx 76E5F651 5 Bytes JMP 00010079
.text C:\Windows\system32\wuauclt.exe[4952] msvcrt.dll!_open 77327E48 5 Bytes JMP 00070FEF
.text C:\Windows\system32\wuauclt.exe[4952] msvcrt.dll!_wsystem 7735B04F 5 Bytes JMP 0007003B
.text C:\Windows\system32\wuauclt.exe[4952] msvcrt.dll!system 7735B16F 5 Bytes JMP 00070FA6
.text C:\Windows\system32\wuauclt.exe[4952] msvcrt.dll!_creat 7735ED29 5 Bytes JMP 0007000C
.text C:\Windows\system32\wuauclt.exe[4952] msvcrt.dll!_wcreat 7736038E 5 Bytes JMP 00070FB7
.text C:\Windows\system32\wuauclt.exe[4952] msvcrt.dll!_wopen 77360570 5 Bytes JMP 00070FDE
.text C:\Windows\system32\wuauclt.exe[4952] ADVAPI32.dll!RegOpenKeyA 76D3D2ED 5 Bytes JMP 00080FEF
.text C:\Windows\system32\wuauclt.exe[4952] ADVAPI32.dll!RegCreateKeyA 76D3D3C1 5 Bytes JMP 00080025
.text C:\Windows\system32\wuauclt.exe[4952] ADVAPI32.dll!RegCreateKeyExA 76D41B71 5 Bytes JMP 00080F9E
.text C:\Windows\system32\wuauclt.exe[4952] ADVAPI32.dll!RegCreateKeyW 76D41CC0 5 Bytes JMP 0008004A
.text C:\Windows\system32\wuauclt.exe[4952] ADVAPI32.dll!RegOpenKeyW 76D43129 5 Bytes JMP 00080FDE
.text C:\Windows\system32\wuauclt.exe[4952] ADVAPI32.dll!RegCreateKeyExW 76D4B946 5 Bytes JMP 00080065
.text C:\Windows\system32\wuauclt.exe[4952] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 00080014
.text C:\Windows\system32\wuauclt.exe[4952] ADVAPI32.dll!RegOpenKeyExW 76D4BEC4 5 Bytes JMP 00080FC3

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D5250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D52494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73D35624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73D356E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73D48573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73D44D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73D450CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73D451A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73D466D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73D482CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73D48819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73D4907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73D4E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D44C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe[2192] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe[2192] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe[2192] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe[2192] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe[2192] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2376] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2376] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2376] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2376] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2376] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2376] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2388] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3388] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3388] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3388] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3388] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
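
Each `.text ... 5 Bytes JMP <target>` entry in the GMER "User code sections" output above records an inline hook: the first five bytes of the named export have been overwritten with an x86 `JMP rel32` (opcode `E9`) to an address for which GMER prints no owning module. The following Python is an added example, not part of the original post or of GMER: it parses lines in that format, reconstructs the five patch bytes from the hook and target addresses, and groups the hooked exports per process and per target region. The sample lines are constructed from addresses in the log above; whether the hooks belong to the installed security software or to the malware cannot be decided from these lines alone, which is why the helper in the thread asks for the full log rather than the hook list.

```python
import re
import struct
from collections import defaultdict

# Constructed sample in the format of GMER's "User code sections" output. The
# addresses are copied from lines of the log posted above; the set is abbreviated.
SAMPLE_LOG = """\
.text C:\\Windows\\system32\\svchost.exe[3268] kernel32.dll!CreateProcessW 76DD202D 5 Bytes JMP 000100A2
.text C:\\Windows\\system32\\svchost.exe[3268] kernel32.dll!VirtualProtect 76E150AB 5 Bytes JMP 00010F5E
.text C:\\Windows\\system32\\svchost.exe[3268] WS2_32.dll!socket 76893F00 5 Bytes JMP 00330FEF
.text C:\\Windows\\System32\\svchost.exe[4360] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 1 Byte [E9]
.text C:\\Windows\\System32\\svchost.exe[4360] ADVAPI32.dll!RegOpenKeyExA 76D4BC0D 5 Bytes JMP 001E0011
.text C:\\Windows\\System32\\svchost.exe[4360] wininet.dll!InternetOpenA 767B7E1C 5 Bytes JMP 002C0FE5
"""

# One GMER line: ".text <image>[<pid>] <module>!<export> <addr> 5 Bytes JMP <target>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)\s+(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"5 Bytes JMP (?P<target>[0-9A-Fa-f]{8})\s*$"
)

MASK32 = 0xFFFFFFFF


def encode_jmp(hook_addr: int, target: int) -> bytes:
    """Build the 5-byte x86 'JMP rel32' (opcode E9) that, written at hook_addr,
    transfers control to target. rel32 is relative to the end of the instruction."""
    rel32 = (target - (hook_addr + 5)) & MASK32
    return b"\xE9" + struct.pack("<I", rel32)


def decode_jmp(hook_addr: int, patch: bytes) -> int:
    """Inverse of encode_jmp: recover the absolute target from the patched bytes."""
    if len(patch) != 5 or patch[0] != 0xE9:
        raise ValueError("not a 5-byte JMP rel32")
    rel32 = struct.unpack("<I", patch[1:])[0]
    return (hook_addr + 5 + rel32) & MASK32


def parse_hooks(text: str) -> list:
    """Return one dict per '5 Bytes JMP' line. GMER also prints a partial
    '1 Byte [E9]' entry for the same hook (see the log); those are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if not m:
            continue
        hooks.append({
            "image": m["image"],
            "pid": int(m["pid"]),
            "api": f"{m['module']}!{m['export']}",
            "addr": int(m["addr"], 16),
            "target": int(m["target"], 16),
        })
    return hooks


def hooks_by_process(hooks: list) -> dict:
    """Group hooked exports by PID so the per-process pattern is visible at a glance."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["pid"]].append(h["api"])
    return {pid: sorted(apis) for pid, apis in grouped.items()}


def target_regions(hooks: list) -> dict:
    """Map (pid, hooked module) to the 64 KiB region(s) its JMP targets land in.
    In the log above, all hooks of one module in one process share a region."""
    regions = defaultdict(set)
    for h in hooks:
        module = h["api"].split("!")[0].lower()
        regions[(h["pid"], module)].add(h["target"] >> 16)
    return dict(regions)


def check_consistency(hooks: list) -> bool:
    """Every reported target must round-trip through the JMP rel32 encoding."""
    return all(decode_jmp(h["addr"], encode_jmp(h["addr"], h["target"])) == h["target"]
               for h in hooks)


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for pid, apis in hooks_by_process(hooks).items():
        print(f"PID {pid}: {len(apis)} hooked exports: {', '.join(apis)}")
    first = hooks[0]
    print(f"patch bytes at {first['addr']:08X}: {encode_jmp(first['addr'], first['target']).hex()}")
```

Running the script on the sample prints the hooked exports per PID and the bytes `e970e02389` for the `CreateProcessW` hook, i.e. `E9` followed by the little-endian displacement from `76DD2032` to `000100A2`. The region grouping shows why the targets cluster (`0001xxxx` for the kernel32 hooks, `0033xxxx` for `WS2_32!socket` in PID 3268): a hooking engine typically allocates one trampoline page per hooked module per process.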

#11 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 10 December 2009 - 02:30 PM

Looks good.

How is your system running?
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#12 Thakidd33

  • Topic Starter

Posted 10 December 2009 - 03:23 PM

System is doing good, not as fast as it was when I first got it but still pretty fast! One thing though... you wouldn't happen to know how to fix desktop problems, would you? Like any time I click on the maximize button on the top of any program it will leave a pretty wide side bar on the right-hand side of the screen where I would see the desktop instead of the whole window being there... or is that a whole different forum?

#13 schrauber


Posted 10 December 2009 - 03:33 PM

Hi there,

I think it is better to ask in the Windows forum here at BleepingComputer. The guys over there can help you better with such things than I could.



Let's clean up our work.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

regards,
schrauber


#14 Thakidd33

  • Topic Starter

Posted 10 December 2009 - 03:37 PM

OK, hey, thanks for your help!

#15 schrauber


Posted 10 December 2009 - 03:45 PM

You're welcome.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
regards,
schrauber
