
Yet another person with a Google redirect problem


5 replies to this topic

#1 jeswald


Posted 01 February 2010 - 10:45 PM

Hi all,

I am suffering from the Google redirect problem. Whenever I do a Google search, clicking on the resulting links takes me to random sites. Interestingly, clicking "back" then clicking the link again takes me to the right site.

I am running:
Windows XP SP3
Firefox 3.6, IE 8.0 (the problem shows up in both browsers)

McAfee full scan reports no problems
MalwareBytes Anti-Malware reported some problems, cleaned them, and now reports no problems.

Would appreciate any help!

Regards,

J



#2 boopme


Posted 01 February 2010 - 11:36 PM

Hello, let's do a rootkit scan.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 jeswald


Posted 02 February 2010 - 08:22 AM

Still working on it ...

Sorry for the slow response to your instructions. I ran Gmer overnight but it hung the machine. Running it again now - I hope to be able to post Gmer results when I return home this evening. Thanks for your help.

J

#4 boopme


Posted 02 February 2010 - 12:47 PM

OK, if GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Rootkit scanning

Before performing an anti-rootkit scan, it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.

  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan, including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

#5 jeswald


Posted 02 February 2010 - 11:05 PM

I finally got Gmer to run. Interestingly, it finally ran without crashing the system when I *reconnected* my network cable. Go figure. Results below.

J

-----------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-02 22:56:31
Windows 5.1.2600 Service Pack 3
Running: p4q59ohd.exe; Driver: C:\DOCUME~1\Jesse\LOCALS~1\Temp\uxtiraoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA690C78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA690C821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA690C738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA690C74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA690C835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA690C861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA690C8CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA690C8B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA690C7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA690C8FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA690C80D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA690C710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA690C724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA690C79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA690C937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA690C8A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA690C88D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA690C84B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA690C923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA690C90F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA690C776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA690C762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA690C877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA690C7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA690C8E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA690C7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA690C7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 80515A6A 7 Bytes JMP A690C7B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80572BF4 5 Bytes JMP A690C811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 80573037 7 Bytes JMP A690C891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057791D 5 Bytes JMP A690C825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80578A14 7 Bytes JMP A690C93B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 7 Bytes JMP A690C8D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8057C328 5 Bytes JMP A690C78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8057CFC0 5 Bytes JMP A690C766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057DEF1 5 Bytes JMP A690C7E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057E369 7 Bytes JMP A690C7CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80581702 5 Bytes JMP A690C714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80581889 7 Bytes JMP A690C7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 8058228C 7 Bytes JMP A690C87B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80587693 3 Bytes JMP A690C8BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey + 4 80587697 3 Bytes [26, 90, 90]
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7CD 7 Bytes JMP A690C750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8058E695 5 Bytes JMP A690C7FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80591F8B 7 Bytes JMP A690C865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80593334 7 Bytes JMP A690C839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B0470 5 Bytes JMP A690C73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 805E1941 5 Bytes JMP A690C728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 805E2197 5 Bytes JMP A690C8FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 80635977 5 Bytes JMP A690C77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 80654DE6 7 Bytes JMP A690C8E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8065570C 7 Bytes JMP A690C8A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 80655B88 7 Bytes JMP A690C84F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8065607D 5 Bytes JMP A690C913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 806564E8 5 Bytes JMP A690C927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.rsrc C:\WINDOWS\system32\drivers\iaStor.sys entry point in ".rsrc" section [0xF747EF80]
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF77F2760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB8EF5F80]
.text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0xA72AA280, 0x7B1C, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 11870000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 11870087
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 11870076
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 11870F9E
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1187005B
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1187004A
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 118700D0
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 118700BF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 11870F41
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 11870F52
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 118700F5
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 11870FC3
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 11870FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 118700A2
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 11870FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 11870025
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 11870F63
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] ADVAPI32.DLL!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 11570014
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] ADVAPI32.DLL!RegCreateKeyExW 77DD776C 5 Bytes JMP 1157005B
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] ADVAPI32.DLL!RegOpenKeyExA 77DD7852 5 Bytes JMP 11570FCD
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] ADVAPI32.DLL!RegOpenKeyW 77DD7946 5 Bytes JMP 11570FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] ADVAPI32.DLL!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 11570040
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] ADVAPI32.DLL!RegOpenKeyA 77DDEFC8 5 Bytes JMP 11570FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] ADVAPI32.DLL!RegCreateKeyW 77DFBA55 5 Bytes JMP 1157002F
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] ADVAPI32.DLL!RegCreateKeyA 77DFBCF3 5 Bytes JMP 11570FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] MSVCRT.DLL!_wsystem 77C2931E 5 Bytes JMP 00DC0064
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] MSVCRT.DLL!system 77C293C7 5 Bytes JMP 00DC0053
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] MSVCRT.DLL!_creat 77C2D40F 5 Bytes JMP 00DC0FE3
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] MSVCRT.DLL!_open 77C2F566 5 Bytes JMP 00DC0000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] MSVCRT.DLL!_wcreat 77C2FC9B 5 Bytes JMP 00DC0042
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] MSVCRT.DLL!_wopen 77C30055 5 Bytes JMP 00DC001D
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[272] WS2_32.dll!socket 11104211 5 Bytes JMP 00DB0000
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C40F9E
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C40FAF
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C40FC0
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C4007D
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C40051
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C400C9
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C400B8
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C40F5C
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C400FF
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C4011A
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C40062
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C40014
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C40F8D
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C40036
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C40025
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C400E4
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C30FAF
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C30F68
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C30FD4
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C30F79
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C30FE5
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C30F8A
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E3, 88] {JECXZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C3001B
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C20FA3
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C2002E
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C20FD2
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C2001D
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C20FE3
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070FA8
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070091
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070076
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0007005B
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F72
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F8D
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F35
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F46
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000700F3
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 000700AE
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F61
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060F6F
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060FD4
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060F94
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00060FAF
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 88]
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060036
.text C:\WINDOWS\system32\services.exe[840] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FA8
.text C:\WINDOWS\system32\services.exe[840] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FB9
.text C:\WINDOWS\system32\services.exe[840] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050018
.text C:\WINDOWS\system32\services.exe[840] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[840] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050033
.text C:\WINDOWS\system32\services.exe[840] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FDE
.text C:\WINDOWS\system32\services.exe[840] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D000BF
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D000A4
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D00089
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D0006C
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D00040
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D00F88
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D000D0
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D000F5
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D00F5C
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D00F4B
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D00051
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D00025
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D00FAF
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D00FCA
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D00F6D
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CF0FC3
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CF0FA8
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CF0FD4
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CF0065
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CF004A
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CF002F
.text C:\WINDOWS\system32\lsass.exe[860] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C60FA6
.text C:\WINDOWS\system32\lsass.exe[860] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C60031
.text C:\WINDOWS\system32\lsass.exe[860] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C60FD2
.text C:\WINDOWS\system32\lsass.exe[860] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C60000
.text C:\WINDOWS\system32\lsass.exe[860] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C60FB7
.text C:\WINDOWS\system32\lsass.exe[860] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C60FE3
.text C:\WINDOWS\system32\lsass.exe[860] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B50F62
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B50F73
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B50F84
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B5004D
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B50FB2
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B50F2A
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B50F3B
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B50EED
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B50EFE
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B500AB
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B50FA1
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B50FEF
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B50072
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B50FCD
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B50FDE
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B50F0F
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B4002C
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B40FA2
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B40FE5
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B40011
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B40069
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B40000
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B4004E
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B4003D
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B30053
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B30FD2
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B30027
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B30FE3
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B30038
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B3000C
.text C:\WINDOWS\system32\svchost.exe[1068] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B20FE5
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CE0075
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CE005A
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CE0F76
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CE0033
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CE0011
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CE0F4A
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CE0092
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CE00BE
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CE0F25
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CE00D9
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CE0022
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CE0FDB
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CE0F65
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CE0FAF
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CE0FC0
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CE00A3
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CD0039
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CD0F86
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CD0FDE
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CD0FA1
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CD0FBC
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [ED, 88]
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CD0FCD
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CC0049
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CC0FBE
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CC001D
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CC0038
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\system32\svchost.exe[1148] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CB0000
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02AF0000
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02AF009A
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02AF0089
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02AF0FA5
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02AF0FC0
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02AF0047
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02AF0F52
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02AF0F6D
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02AF00C9
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02AF0F30
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02AF00E4
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02AF0062
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02AF0011
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02AF0F8A
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02AF002C
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02AF0FDB
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02AF0F41
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 026C0FE5
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 026C0087
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 026C0036
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 026C0011
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 026C0FCA
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 026C0000
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 026C006C
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 026C0051
.text C:\WINDOWS\System32\svchost.exe[1212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 026B0025
.text C:\WINDOWS\System32\svchost.exe[1212] msvcrt.dll!system 77C293C7 5 Bytes JMP 026B0F9A
.text C:\WINDOWS\System32\svchost.exe[1212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 026B0FBC
.text C:\WINDOWS\System32\svchost.exe[1212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 026B0000
.text C:\WINDOWS\System32\svchost.exe[1212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 026B0FAB
.text C:\WINDOWS\System32\svchost.exe[1212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 026B0FD7
.text C:\WINDOWS\System32\svchost.exe[1212] WS2_32.dll!socket 71AB4211 5 Bytes JMP 026A0FEF
.text C:\WINDOWS\System32\svchost.exe[1212] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02690000
.text C:\WINDOWS\System32\svchost.exe[1212] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02690011
.text C:\WINDOWS\System32\svchost.exe[1212] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0269002C
.text C:\WINDOWS\System32\svchost.exe[1212] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02690047
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007B004C
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007B0F61
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007B0F72
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007B0F83
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007B001B
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007B007F
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007B006E
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007B0F0B
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007B0F26
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007B00B5
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007B0F94
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007B0FD4
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007B005D
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007B0FAF
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007B0000
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007B009A
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007A0FC3
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007A0F97
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007A0014
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007A0FD4
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007A0FA8
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007A0FEF
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 007A004A
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007A0039
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00790FBC
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!system 77C293C7 5 Bytes JMP 00790047
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00790011
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00790000
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0079002C
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00790FD7
.text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C10076
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10065
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10F81
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10F9E
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10FAF
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C100A4
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10087
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C10F37
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C100D0
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C10F26
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10040
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C10F66
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10FC0
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10011
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C100BF
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00040
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C00FAF
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C0002F
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C0006C
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C00FC0
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E0, 88] {LOOPNZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C00051
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF005D
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF0FC8
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF001D
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF002E
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1368] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0F86
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0FA1
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE007B
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0FB2
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0039
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE00BD
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0F75
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F53
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00EC
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE0107
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE004A
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0FDE
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE0096
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE001E
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0FC3
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE0F64
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930014
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0093006C
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FC3
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FD4
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0093005B
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930040
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0093002F
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920070
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920055
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920029
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0092003A
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[1528] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[1528] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00900011
.text C:\WINDOWS\system32\svchost.exe[1528] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0090002C
.text C:\WINDOWS\system32\svchost.exe[1528] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00900047
.text C:\WINDOWS\system32\svchost.exe[1528] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1844] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1844] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0082
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F8D
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0067
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A004A
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00CB
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00BA
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0101
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F68
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A011C
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0011
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A009D
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\Explorer.EXE[3188] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00DC
.text C:\WINDOWS\Explorer.EXE[3188] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FEF
.text C:\WINDOWS\Explorer.EXE[3188] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F9E
.text C:\WINDOWS\Explorer.EXE[3188] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290036
.text C:\WINDOWS\Explorer.EXE[3188] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0029001B
.text C:\WINDOWS\Explorer.EXE[3188] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290FB9
.text C:\WINDOWS\Explorer.EXE[3188] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0029000A
.text C:\WINDOWS\Explorer.EXE[3188] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0029005B
.text C:\WINDOWS\Explorer.EXE[3188] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290FD4
.text C:\WINDOWS\Explorer.EXE[3188] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FB2
.text C:\WINDOWS\Explorer.EXE[3188] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0033
.text C:\WINDOWS\Explorer.EXE[3188] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FCD
.text C:\WINDOWS\Explorer.EXE[3188] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\Explorer.EXE[3188] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0022
.text C:\WINDOWS\Explorer.EXE[3188] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FDE
.text C:\WINDOWS\Explorer.EXE[3188] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C0000
.text C:\WINDOWS\Explorer.EXE[3188] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\Explorer.EXE[3188] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002C001B
.text C:\WINDOWS\Explorer.EXE[3188] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\Explorer.EXE[3188] WS2_32.dll!socket 71AB4211 5 Bytes JMP 023E0000
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F85
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A007A
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F96
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A005F
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0033
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00B0
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0095
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F2B
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F3C
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F1A
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A004E
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F6A
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0022
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0011
.text C:\WINDOWS\explorer.exe[3540] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F4D
.text C:\WINDOWS\explorer.exe[3540] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0029000A
.text C:\WINDOWS\explorer.exe[3540] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F79
.text C:\WINDOWS\explorer.exe[3540] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FB9
.text C:\WINDOWS\explorer.exe[3540] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FD4
.text C:\WINDOWS\explorer.exe[3540] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290036
.text C:\WINDOWS\explorer.exe[3540] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\explorer.exe[3540] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290F9E
.text C:\WINDOWS\explorer.exe[3540] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\explorer.exe[3540] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0029001B
.text C:\WINDOWS\explorer.exe[3540] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FAF
.text C:\WINDOWS\explorer.exe[3540] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A003A
.text C:\WINDOWS\explorer.exe[3540] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FD4
.text C:\WINDOWS\explorer.exe[3540] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A000C
.text C:\WINDOWS\explorer.exe[3540] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0029
.text C:\WINDOWS\explorer.exe[3540] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\explorer.exe[3540] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C000A
.text C:\WINDOWS\explorer.exe[3540] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002C001B
.text C:\WINDOWS\explorer.exe[3540] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002C002C
.text C:\WINDOWS\explorer.exe[3540] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 002C0FD1
.text C:\WINDOWS\explorer.exe[3540] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0000
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F68
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F83
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F94
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0051
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F3C
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0078
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F06
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F2B
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A00BA
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0036
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A000A
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F57
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A001B
.text C:\WINDOWS\explorer.exe[4016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00A9
.text C:\WINDOWS\explorer.exe[4016] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FAF
.text C:\WINDOWS\explorer.exe[4016] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290040
.text C:\WINDOWS\explorer.exe[4016] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FCA
.text C:\WINDOWS\explorer.exe[4016] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290000
.text C:\WINDOWS\explorer.exe[4016] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F83
.text C:\WINDOWS\explorer.exe[4016] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\explorer.exe[4016] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00290025
.text C:\WINDOWS\explorer.exe[4016] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290F94
.text C:\WINDOWS\explorer.exe[4016] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F97
.text C:\WINDOWS\explorer.exe[4016] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FB2
.text C:\WINDOWS\explorer.exe[4016] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FD7
.text C:\WINDOWS\explorer.exe[4016] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\explorer.exe[4016] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0022
.text C:\WINDOWS\explorer.exe[4016] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0011
.text C:\WINDOWS\explorer.exe[4016] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C0000
.text C:\WINDOWS\explorer.exe[4016] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002C0011
.text C:\WINDOWS\explorer.exe[4016] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002C002C
.text C:\WINDOWS\explorer.exe[4016] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 002C0047
.text C:\WINDOWS\explorer.exe[4016] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0FEF

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#6 boopme

Posted 02 February 2010 - 11:23 PM

Hello, your iaStor.sys is being suspiciously modified. We will need to move into the Malware Removal forum to fix this... We will need an HJT/DDS log.
You will need to run HJT/DDS.
Please follow this guide: go and do steps 6 thru 8 of the Preparation Guide For Use Before Using Hijackthis.
Instead of the RootRepeal scan, use this GMER log.
Then go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant title, perhaps (iaStor.sys is being suspiciously modified), and post that complete log.

Let me know if it went OK.