
Rootkit Issue - Can't connect to Windows Update


21 replies to this topic

#1 prdufresne

Posted 23 August 2010 - 04:54 PM

As instructed, I've collected the necessary log files. Hopefully, this will help in the removal of this malware.

BTW: GMER crashed after running it. I suspect this is the malware trying to protect itself.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul Dufresne at 15:39:47.72 on 23/08/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3071.2002 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Paul Dufresne\AppData\Local\TVersity\Media Server\MediaServer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Users\PAULDU~1\AppData\Local\Temp\A~NSISu_.tmp
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Paul Dufresne\Downloads\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100512175343.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [gStart] c:\program files\garmin\gStart.exe
uRun: [newsecureapp70700.exe] c:\users\paul dufresne\appdata\roaming\b457427731212536122f553b03bd2642\newsecureapp70700.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [<NO NAME>]
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\pauldu~1\appdata\roaming\mozilla\firefox\profiles\5yq3h4h4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\paul dufresne\appdata\roaming\mozilla\firefox\profiles\5yq3h4h4.default\extensions\{7e7165e2-0767-448c-852f-5fa8714f2c37}\components\PlainOldFavorites.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\users\paul dufresne\appdata\roaming\mozilla\firefox\profiles\5yq3h4h4.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {48E4478E-19AB-4E05-8AC5-5153CF09C56F} - c:\users\paul dufresne\appdata\local\{48E4478E-19AB-4E05-8AC5-5153CF09C56F}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 385880]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-5-6 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-5-6 160720]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-23 88176]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-6 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-6 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-6 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-6 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-6 141792]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-11 240232]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-16 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-16 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-6 312616]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\wsdprint.sys [2009-12-18 16896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-12 135664]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-6 55456]
S3 cvpopflt;Cisco POP Suppression Filter;c:\windows\system32\drivers\cvpopflt.sys [2007-5-9 1507104]
S3 CVUVC;Cisco VT Camera II(UVC);c:\windows\system32\drivers\cvuvc.sys [2007-5-9 1924128]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-18 21504]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-6 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-16 40552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-08-23 17:28:23 0 d-----w- C:\TDSSKiller_Quarantine
2010-08-20 12:51:39 0 d-----w- c:\users\pauldu~1\appdata\roaming\Malwarebytes
2010-08-20 12:51:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 12:51:31 0 d-----w- c:\programdata\Malwarebytes
2010-08-20 12:51:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-20 12:51:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-19 04:45:44 757760 ----a-w- c:\windows\system32\drivers\uteajs.sys
2010-08-19 04:45:39 20 ----a-w- c:\users\pauldu~1\appdata\roaming\bawuho.dat
2010-08-17 22:20:32 0 d-----w- c:\program files\GPSBabel
2010-08-11 18:24:57 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 18:24:54 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 18:24:41 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 18:24:25 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 18:24:25 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 18:24:21 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 18:24:18 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 18:24:17 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 18:24:13 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-07 15:13:41 6198 ----a-w- c:\users\paul dufresne\.recently-used.xbel
2010-08-07 15:10:17 0 d-----w- c:\users\pauldu~1\appdata\roaming\WinBatch
2010-07-27 18:27:55 176836 ---ha-w- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2010-08-23 18:10:55 91367 ----a-w- c:\programdata\nvModes.dat
2010-07-05 19:36:50 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-05 19:36:50 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-05 19:36:49 143360 ----a-w- c:\windows\inf\infstor.dat
2010-07-05 19:36:47 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-27 20:08:17 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 15:06:07 630 ----a-w- c:\program files\RejoinCommandLine.txt
2010-02-03 08:18:16 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-11 01:51:59 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-08 18:55:51 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-01-08 18:55:51 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-01-08 18:55:51 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-01-07 06:02:52 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-08-01 05:10:18 22 --sha-w- c:\windows\sminst\HPCD.SYS
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2007-12-07 03:16:47 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:41:49.92 ===============


#2 mpascal

Posted 29 August 2010 - 04:54 PM

Hi prdufresne,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

STEP 1 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.

STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.


#3 prdufresne

Posted 29 August 2010 - 06:34 PM

Alright, as requested, here are the contents of the four log files.

MBAM:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4504

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

29/08/2010 6:51:11 PM
mbam-log-2010-08-29 (18-51-11).txt

Scan type: Quick scan
Objects scanned: 135815
Time elapsed: 8 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-29 19:22:19
Windows 6.0.6002 Service Pack 2
Running: ozu4lyvm.exe; Driver: C:\Users\PAULDU~1\AppData\Local\Temp\uwrdqpod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82B54D88]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82B54DB2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82B54D9E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82B54D74]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8246B9D2 5 Bytes JMP 82B54D78 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82630DA3 5 Bytes JMP 82B54DB6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 826504FA 7 Bytes JMP 82B54D8C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 826507BD 5 Bytes JMP 82B54DA2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? System32\Drivers\uteajs.sys A device attached to the system is not functioning. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[776] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00F50000
.text C:\Windows\system32\services.exe[776] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00F50FD1
.text C:\Windows\system32\services.exe[776] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00F50011
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00E50F5E
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00E500A4
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00E50F28
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00E50F39
.text C:\Windows\system32\services.exe[776] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00E5007F
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00E50011
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00E5002C
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00E50F6F
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00E5006E
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00E50FC0
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00E50FA5
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00E5003D
.text C:\Windows\system32\services.exe[776] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00E50F8A
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00E500D0
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00E50000
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00E50FEF
.text C:\Windows\system32\services.exe[776] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00E500BF
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00FC004A
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00FC0FA8
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00FC0000
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00FC0039
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00FC0F8D
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00FC0FD4
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00FC0FE5
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00FC0FC3
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00F70038
.text C:\Windows\system32\services.exe[776] msvcrt.dll!system 76C4804B 5 Bytes JMP 00F70027
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00F7000C
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00F70FEF
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00F70FB7
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00F70FDE
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00F60000
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00F60FE5
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00F60FCA
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00F60FB9
.text C:\Windows\system32\services.exe[776] WS2_32.dll!socket 777536D1 5 Bytes JMP 00FD0000
.text C:\Windows\system32\lsass.exe[800] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00D70FE5
.text C:\Windows\system32\lsass.exe[800] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00D70FCA
.text C:\Windows\system32\lsass.exe[800] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00D70000
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 008D0F3F
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 008D0F50
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 008D0F09
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 008D0F1A
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 008D0F7C
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 008D0FC3
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 008D0FB2
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 008D0F61
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 008D0F97
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 008D0039
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 008D004A
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 008D001E
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 008D0071
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 008D00BB
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 008D0FDE
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 008D00A0
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00DA005B
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00DA0FC3
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00DA0000
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00DA004A
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00DA0076
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00DA001B
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00DA0FEF
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00DA0FD4
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00D90F9E
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!system 76C4804B 5 Bytes JMP 00D90FB9
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_creat 76C4BBE1 1 Byte [E9]
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00D90FE5
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00D9000C
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00D90FD4
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00D9001D
.text C:\Windows\system32\lsass.exe[800] WS2_32.dll!socket 777536D1 5 Bytes JMP 00DB0000
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00D80000
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00D80FE5
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00D80FD4
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00D80FC3
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00760000
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00760FD4
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00760FE5
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 002D0F5C
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 002D0F6D
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 002D0F26
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 002D00BD
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 002D0073
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 002D0FC0
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 002D0011
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 002D0F88
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 002D0062
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 002D003D
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 002D0FA5
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 002D002C
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 002D0098
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 002D00D8
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 002D0000
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 002D0FE5
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 002D0F41
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 009D0047
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!system 76C4804B 5 Bytes JMP 009D0036
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 009D0FC6
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_open 76C4D106 5 Bytes JMP 009D0FE3
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 009D0011
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 009D0000
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 009E0FA8
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 009E0040
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 009E0FB9
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 009E0065
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 009E001B
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 009E0FE5
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 009E0FD4
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00770000
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00770FE5
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00770011
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00770022
.text C:\Windows\system32\svchost.exe[1008] WS2_32.dll!socket 777536D1 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00770FE5
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00770FB9
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00770FD4
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00760F3A
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00760080
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 007600B6
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 0076009B
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00760F66
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00760FDB
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00760FCA
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00760F55
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00760F77
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00760040
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00760F9E
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00760FB9
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 0076005B
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00760EFA
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00760011
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00760000
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00760F29
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 009E0049
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!system 76C4804B 5 Bytes JMP 009E0FBE
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 009E002E
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_open 76C4D106 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 009E0FD9
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 009E001D
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 009F0FA5
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 009F0FC0
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 009F0047
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 009F0062
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 009F0FE5
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 009F0011
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 009F002C
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 0078000A
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0078001B
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00780FEF
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00780FDE
.text C:\Windows\system32\svchost.exe[1084] WS2_32.dll!socket 777536D1 5 Bytes JMP 00A00FEF
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 0127000A
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 01270036
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 01270025
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 01260F33
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 01260F44
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 012600A5
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 01260F0E
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 01260040
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 01260FD4
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 01260025
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 01260F55
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 01260F66
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 01260F94
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 01260F83
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 01260FAF
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 01260065
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 012600C0
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 0126000A
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 01260FE5
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 01260094
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 0129002E
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!system 76C4804B 5 Bytes JMP 01290FAD
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 01290FD9
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_open 76C4D106 5 Bytes JMP 01290000
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 01290FC8
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 01290011
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 012F0062
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 012F0036
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 012F0000
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 012F0047
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 012F0073
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 012F0FE5
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 012F0011
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 012F0FCA
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 01280FEF
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0128000A
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 01280FCA
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 01280025
.text C:\Windows\System32\svchost.exe[1148] WS2_32.dll!socket 777536D1 5 Bytes JMP 01300FEF
.text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00EE0000
.text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00EE002C
.text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00EE0011
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00ED0091
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00ED0080
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00ED0F29
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00ED0F3A
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00ED0F66
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00ED0FD4
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00ED0FC3
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00ED0F55
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00ED0040
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00ED0F8D
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00ED002F
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00ED0FA8
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00ED0065
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00ED00E5
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00ED000A
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00ED0FE5
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00ED00B6
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00F10F94
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!system 76C4804B 5 Bytes JMP 00F10029
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00F10FDE
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00F1000C
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00F10FC3
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00F10FEF
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00F6005B
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00F60040
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00F60FE5
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00F60FB9
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00F60076
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00F6001B
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00F6000A
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00F60FCA
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00F00FEF
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00F00FCA
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00F00FB9
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00F00FA8
.text C:\Windows\System32\svchost.exe[1284] WS2_32.dll!socket 777536D1 5 Bytes JMP 00FF0FEF
.text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00E30000
.text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00E30FE5
.text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00E30025
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00E20F65
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00E200B5
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00E200D0
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00E20F2F
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00E2006E
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00E20FD4
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00E20025
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00E2009A
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00E20F94
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00E20047
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00E20FA5
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00E20036
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00E2007F
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00E20F1E
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00E20FE5
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00E20000
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00E20F4A
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00E5003D
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!system 76C4804B 5 Bytes JMP 00E50FB2
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00E50018
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00E50FEF
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00E50FC3
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00E50FDE
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00E70F94
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00E70FB6
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00E70000
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00E70FA5
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00E70F79
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00E70022
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00E70011
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00E70FD1
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00E40FE5
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00E40000
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00E4001B
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00E40036
.text C:\Windows\System32\svchost.exe[1308] WS2_32.dll!socket 777536D1 5 Bytes JMP 00EC0000
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1468] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 6AB89AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1468] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 6AB89A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00810FE5
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00810FB9
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00810FCA
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00010F80
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00010F91
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00010117
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00010106
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00010097
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00010022
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00010033
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 000100B2
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 0001007C
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00010FBD
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 0001005F
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00010044
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00010FA2
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00010F65
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00010011
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 000100EB
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00840044
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!system 76C4804B 5 Bytes JMP 00840FC3
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00840FD4
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00840FEF
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00840029
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 0084000C
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00020F9E
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00020036
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00020FEF
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00020FAF
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00020F83
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 0002000A
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00020FD4
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00020025
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00820FE5
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0082000A
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 0082001B
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00820FCA
.text C:\Windows\system32\svchost.exe[1496] WS2_32.dll!socket 777536D1 5 Bytes JMP 00850FEF
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00FF0FE5
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00FF000A
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00FF0FD4
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00F50096
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00F50F50
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00F500C2
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00F500A7
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00F50060
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00F5000A
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00F50FB9
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00F50F6B
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00F50F7C
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00F50F8D
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00F5002F
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00F50F9E
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00F5007B
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00F500D3
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00F50FD4
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00F50FEF
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00F50F35
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 01710038
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!system 76C4804B 5 Bytes JMP 01710027
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 01710FC1
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_open 76C4D106 5 Bytes JMP 01710FEF
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 01710016
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 01710FD2
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00FA0040
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00FA0FAF
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00FA0FEF
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00FA0F9E
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00FA0F83
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00FA000A
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00FA0FD4
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00FA001B
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 01700FEF
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 01700014
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 01700FDE
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 01700039
.text C:\Windows\system32\svchost.exe[1640] WS2_32.dll!socket 777536D1 5 Bytes JMP 017A000A
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00E5000A
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00E50FEF
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00E50025
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 009600A4
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00960F5E
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 009600BF
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00960F28
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00960F9B
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00960FDB
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00960FC0
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00960F6F
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00960069
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00960047
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00960058
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00960036
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00960F80
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00960F0D
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00960011
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00960000
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00960F39
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 01A10FA8
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!system 76C4804B 5 Bytes JMP 01A10FB9
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 01A10033
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_open 76C4D106 5 Bytes JMP 01A10000
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 01A10FDE
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 01A10FEF
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00980F6B
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00980F8D
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00980FEF
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00980F7C
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00980F5A
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00980FB9
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00980FD4
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00980FA8
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 01A00FEF
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 01A00FDE
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 01A00014
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 01A0002F
.text C:\Windows\system32\svchost.exe[1752] WS2_32.dll!socket 777536D1 5 Bytes JMP 01AE000A
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 007B0FEF
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 007B0FB9
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 007B0FD4
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00790F3A
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00790F4B
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00790F15
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 007900B6
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 0079004A
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00790FCD
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00790028
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00790080
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00790F7C
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00790FA8
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00790F97
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00790039
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 0079006F
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00790F04
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00790FDE
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00790FEF
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00790091
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 02020064
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!system 76C4804B 5 Bytes JMP 02020049
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 0202001D
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_open 76C4D106 5 Bytes JMP 02020000
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 02020038
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 02020FE3
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 007A0F9E
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 007A0036
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 007A0FE5
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 007A0FAF
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 007A005B
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 007A0FD4
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 007A0000
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 007A0025
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 0078000A
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00780025
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00780FE5
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00780FD4
.text C:\Windows\system32\svchost.exe[1972] WS2_32.dll!socket 777536D1 5 Bytes JMP 02410FE5
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 02B0000A
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 02B00FEF
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 02B00025
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtWriteVirtualMemory 77665674 5 Bytes JMP 016B000A
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!KiUserExceptionDispatcher 77665DC8 5 Bytes JMP 0169000A
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 02790F7E
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 02790F99
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 027900F0
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 027900D5
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 027900A9
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 02790036
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 02790051
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 027900C4
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 02790098
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 02790FE5
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 02790087
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 0279006C
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 02790FAA
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 02790F3E
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 0279001B
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 02790000
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 02790F59
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 027A0F72
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 027A0F94
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 027A0FE5
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 027A0F83
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 027A0F57
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 027A000A
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 027A0FD4
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 027A0FAF
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 0278005D
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!system 76C4804B 5 Bytes JMP 02780FD2
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 0278002E
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_open 76C4D106 5 Bytes JMP 02780000
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 02780FE3
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 02780011
.text C:\Windows\Explorer.EXE[2000] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 02770FEF
.text C:\Windows\Explorer.EXE[2000] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 02770014
.text C:\Windows\Explorer.EXE[2000] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 02770FDE
.text C:\Windows\Explorer.EXE[2000] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 02770025
.text C:\Windows\Explorer.EXE[2000] WS2_32.dll!socket 777536D1 5 Bytes JMP 02B10FE5
.text C:\Windows\system32\svchost.exe[2260] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00320000
.text C:\Windows\system32\svchost.exe[2260] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00320FE5
.text C:\Windows\system32\svchost.exe[2260] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 0032001B
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00300F2B
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00300F3C
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 0030008C
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00300EF5
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00300F83
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00300FDB
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00300FCA
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00300F4D
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00300F94
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00300FA5
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00300047
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00300036
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00300F5E
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00300EDA
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 0030001B
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00300000
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00300F10
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 001F0FA3
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!system 76C4804B 5 Bytes JMP 001F0FB4
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 001F0FD9
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_open 76C4D106 5 Bytes JMP 001F0000
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 001F002E
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 001F001D
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 0031006C
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00310051
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00310FCA
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00310FA5
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00310FE5
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00310036
.text C:\Windows\system32\svchost.exe[2260] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00020000
.text C:\Windows\system32\svchost.exe[2260] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00020FEF
.text C:\Windows\system32\svchost.exe[2260] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00020FDE
.text C:\Windows\system32\svchost.exe[2260] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00020FC3
.text C:\Windows\system32\svchost.exe[2260] WS2_32.dll!socket 777536D1 5 Bytes JMP 00330000
.text C:\Windows\system32\svchost.exe[2668] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 008B000A
.text C:\Windows\system32\svchost.exe[2668] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 008B0FD4
.text C:\Windows\system32\svchost.exe[2668] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 008900C2
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 008900A7
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 008900F8
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00890F57
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00890056
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00890FCD
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00890FBC
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00890096
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00890F7C
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00890F97
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 0089002F
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 0089001E
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 0089007B
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00890F46
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00890FDE
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00890FEF
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 008900D3
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 0088006E
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!system 76C4804B 5 Bytes JMP 00880053
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00880027
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00880FEF
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00880042
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 0088000C
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 008A0F7C
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 008A0014
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 008A0F97
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 008A0039
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 008A0FB9
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 008A0FD4
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 008A0FA8
.text C:\Windows\system32\svchost.exe[2668] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00870FEF
.text C:\Windows\system32\svchost.exe[2668] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0087000A
.text C:\Windows\system32\svchost.exe[2668] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00870025
.text C:\Windows\system32\svchost.exe[2668] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00870040
.text C:\Windows\system32\svchost.exe[3100] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00040FEF
.text C:\Windows\system32\svchost.exe[3100] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00040FD4
.text C:\Windows\system32\svchost.exe[3100] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 0004000A
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 000B0F32
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 000B0082
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 000B0F06
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 000B009D
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 000B0045
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 000B0FB9
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 000B0F9E
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 000B0071
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 000B001E
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 000B0F72
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 000B0F61
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 000B0F83
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 000B0056
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 000B00B8
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 000B0FCA
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 000B0FEF
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 000B0F21
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 000D0038
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!system 76C4804B 5 Bytes JMP 000D001D
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 000D0FD2
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_open 76C4D106 5 Bytes JMP 000D0000
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 000D0FB7
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 000D0FE3
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 000E0F9B
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 000E0FC0
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 000E0000
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 000E0047
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 000E0F80
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 000E001B
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 000E0FE5
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 000E002C
.text C:\Windows\system32\svchost.exe[3100] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 0020000A
.text C:\Windows\system32\svchost.exe[3100] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0020001B
.text C:\Windows\system32\svchost.exe[3100] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 0020002C
.text C:\Windows\system32\svchost.exe[3100] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00200FDB
.text C:\Windows\system32\svchost.exe[3100] WS2_32.dll!socket 777536D1 5 Bytes JMP 00800000
.text C:\Windows\System32\svchost.exe[3332] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 0095000A
.text C:\Windows\System32\svchost.exe[3332] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 0095001B
.text C:\Windows\System32\svchost.exe[3332] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00950FE5
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00930F66
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 009300A2
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00930F44
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 009300D1
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 0093005B
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00930FCD
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00930FB2
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00930091
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 0093004A
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 0093001E
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00930039
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00930F97
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00930076
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 009300EC
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00930FDE
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00930FEF
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00930F55
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00920F7C
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!system 76C4804B 5 Bytes JMP 00920F97
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00920FCD
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00920FEF
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00920FA8
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00920FDE
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00940F9E
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00940FB9
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00940FEF
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00940040
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 0094005B
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00940FD4
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00940014
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00940025
.text C:\Windows\System32\svchost.exe[3332] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00910000
.text C:\Windows\System32\svchost.exe[3332] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0091001B
.text C:\Windows\System32\svchost.exe[3332] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00910036
.text C:\Windows\System32\svchost.exe[3332] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00910FDB
.text C:\Windows\System32\svchost.exe[3332] WS2_32.dll!socket 777536D1 5 Bytes JMP 00960000
.text C:\Windows\System32\svchost.exe[3384] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00280FEF
.text C:\Windows\System32\svchost.exe[3384] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00280FDE
.text C:\Windows\System32\svchost.exe[3384] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 0028000A
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00150F55
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 0015009B
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00150F33
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00150F44
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00150076
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00150025
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00150036
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00150F66
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00150065
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00150FB9
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00150FA8
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00150FCA
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00150F81
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 001500E5
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 0015000A
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00150FEF
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 001500B6
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00100053
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!system 76C4804B 5 Bytes JMP 00100FC8
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00100027
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00100FEF
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00100038
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 0010000C
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00270F94
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00270FC0
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00270000
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00270FA5
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00270F83
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 0027002C
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00270011
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00270FDB
.text C:\Windows\System32\svchost.exe[3384] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 000F0FEF
.text C:\Windows\System32\svchost.exe[3384] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 000F0FCA
.text C:\Windows\System32\svchost.exe[3384] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 000F0FB9
.text C:\Windows\System32\svchost.exe[3384] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 000F0FA8
.text C:\Windows\System32\svchost.exe[3384] WS2_32.dll!socket 777536D1 5 Bytes JMP 00790000
.text C:\Windows\system32\svchost.exe[3496] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 009D0FEF
.text C:\Windows\system32\svchost.exe[3496] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 009D0FD4
.text C:\Windows\system32\svchost.exe[3496] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 009D000A
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 009B00E4
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 009B00C9
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 009B0117
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 009B0106
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 009B0FB2
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 009B0040
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 009B0FEF
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 009B00B8
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 009B0080
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 009B0065
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 009B0FC3
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 009B0FDE
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 009B00A7
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 009B0F65
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 009B001B
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 009B0000
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 009B00F5
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 009A003D
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!system 76C4804B 5 Bytes JMP 009A0FB2
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 009A0011
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_open 76C4D106 5 Bytes JMP 009A0000
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 009A002C
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 009A0FE3
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 009C0047
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 009C0FB6
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 009C0FE5
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 009C0F9B
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 009C0062
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 009C001B
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 009C000A
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 009C002C
.text C:\Windows\system32\svchost.exe[3496] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00990FEF
.text C:\Windows\system32\svchost.exe[3496] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0099000A
.text C:\Windows\system32\svchost.exe[3496] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 0099001B
.text C:\Windows\system32\svchost.exe[3496] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 0099002C
.text C:\Windows\system32\svchost.exe[3496] WS2_32.dll!socket 777536D1 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00FE0000
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00FE0025
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00FE0FE5
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00FB00DA
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00FB0F94
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00FB0F79
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00FB0106
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00FB0FB9
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00FB001B
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00FB0036
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00FB00BF
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00FB0FCA
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00FB0062
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00FB007D
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00FB0051
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00FB00A4
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00FB0F5E
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00FB0000
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00FB0FE5
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00FB00EB
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00FA0016
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!system 76C4804B 5 Bytes JMP 00FA0F8B
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00FA0FC1
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00FA0FEF
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00FA0F9C
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00FA0FD2
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00FC0040
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00FC0FAF
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00FC0000
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00FC0F9E
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00FC0F83
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00FC0FCA
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00FC0FEF
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00FC001B
.text C:\Windows\system32\svchost.exe[3588] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00F50FE5
.text C:\Windows\system32\svchost.exe[3588] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00F50FCA
.text C:\Windows\system32\svchost.exe[3588] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00F50000
.text C:\Windows\system32\svchost.exe[3588] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00F5001B
.text C:\Windows\system32\svchost.exe[3588] WS2_32.dll!socket 777536D1 5 Bytes JMP 00FF0000
.text C:\Windows\System32\svchost.exe[3736] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00720000
.text C:\Windows\System32\svchost.exe[3736] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00720FD4
.text C:\Windows\System32\svchost.exe[3736] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00720FEF
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00700042
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00700F06
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00700089
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00700078
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00700F57
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00700FAF
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 0070000A
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00700F17
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00700F68
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00700F94
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00700F83
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 0070001B
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00700F32
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 0070009A
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00700FD4
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00700FE5
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 0070005D
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 006F0FAD
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!system 76C4804B 5 Bytes JMP 006F0038
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 006F0FD2
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_open 76C4D106 5 Bytes JMP 006F0000
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 006F0027
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 006F0FE3
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00710062
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00710FCA
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00710000
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00710051
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00710FA5
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 0071001B
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00710FE5
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00710036
.text C:\Windows\System32\svchost.exe[3736] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00020000
.text C:\Windows\System32\svchost.exe[3736] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0002001B
.text C:\Windows\System32\svchost.exe[3736] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 0002002C
.text C:\Windows\System32\svchost.exe[3736] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00020047
.text C:\Windows\System32\svchost.exe[3736] WS2_32.dll!socket 777536D1 5 Bytes JMP 00780000
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00040011
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 0089000A
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!NtWriteVirtualMemory 77665674 5 Bytes JMP 008A000A
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!KiUserExceptionDispatcher 77665DC8 5 Bytes JMP 0088000A
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00090069
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!system 76C4804B 5 Bytes JMP 0009004E
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00090022
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00090FEF
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 0009003D
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00090FDE
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 000A0FB9
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 000A0036
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 000A000A
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 000A0051
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 000A0FA8
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 000A001B
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 000A0FCA
.text C:\Windows\system32\svchost.exe[4664] ole32.dll!CoCreateInstance 77509EA6 5 Bytes JMP 00E8000A
.text C:\Windows\system32\svchost.exe[4664] USER32.dll!GetCursorPos 769B0B88 5 Bytes JMP 0125000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7421A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [741CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7424CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [741EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [6A82F3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[3252] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [002476E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[3252] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00247740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8770AF30

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] uteajs <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a08bb8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a08bb8@00249f841613 0x44 0x5D 0xF0 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272a08bb8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272a08bb8@00249f841613 0x44 0x5D 0xF0 0x70 ...
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@Group Boot Bus Extender
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...

---- EOF - GMER 1.0.15 ----


OTL:

OTL logfile created on: 29/08/2010 7:24:35 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Paul Dufresne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.13 Gb Total Space | 75.45 Gb Free Space | 20.78% Space Free | Partition Type: NTFS
Drive D: | 9.48 Gb Total Space | 1.34 Gb Free Space | 14.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 233.76 Gb Total Space | 126.95 Gb Free Space | 54.31% Space Free | Partition Type: NTFS
Drive L: | 465.76 Gb Total Space | 337.18 Gb Free Space | 72.39% Space Free | Partition Type: NTFS
Drive Y: | 249.71 Mb Total Space | 234.44 Mb Free Space | 93.88% Space Free | Partition Type: NTFS

Computer Name: GOLIATH
Current User Name: Paul Dufresne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Paul Dufresne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Paul Dufresne\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Users\Paul Dufresne\AppData\Local\TVersity\Media Server\web\admin\TVersity.exe ()
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\Paul Dufresne\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (TVersityMediaServer) -- C:\Users\Paul Dufresne\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\WINDOWS\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\WINDOWS\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (mfesmfk) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (VClone) -- C:\WINDOWS\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (MPFP) -- C:\WINDOWS\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\WINDOWS\System32\drivers\wsdprint.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\WINDOWS\System32\drivers\hidbatt.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (CVUVC) Cisco VT Camera II(UVC) -- C:\WINDOWS\System32\drivers\cvuvc.sys (Logitech Inc.)
DRV - (cvpopflt) -- C:\WINDOWS\System32\drivers\cvpopflt.sys (Logitech Inc.)
DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\hsxhwbs2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\hsx_cnxt.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\hsx_dp.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\WINDOWS\System32\drivers\e1g60i32.sys (Intel Corporation)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\ps2.sys (Hewlett-Packard Company)
DRV - (MarvinBus) -- C:\WINDOWS\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {7E7165E2-0767-448c-852F-5FA8714F2C37}:1.0.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{48E4478E-19AB-4E05-8AC5-5153CF09C56F}: C:\Users\Paul Dufresne\AppData\Local\{48E4478E-19AB-4E05-8AC5-5153CF09C56F} [2010/08/19 00:47:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/20 09:07:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/20 09:02:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/19 09:58:08 | 000,000,000 | ---D | M]

[2010/03/30 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Extensions
[2010/03/30 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2010/08/29 18:37:30 | 000,000,000 | ---D | M] -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions
[2010/07/14 12:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/02/19 02:17:43 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/05/15 23:12:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/17 01:02:54 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2010/07/22 11:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/08/29 18:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/06/29 09:29:58 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/08/20 09:43:50 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/08/21 23:03:06 | 000,000,763 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100512175343.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\S


Alright, as requested, here are the contents of the four log files.

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4504

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

29/08/2010 6:51:11 PM
mbam-log-2010-08-29 (18-51-11).txt

Scan type: Quick scan
Objects scanned: 135815
Time elapsed: 8 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-29 19:22:19
Windows 6.0.6002 Service Pack 2
Running: ozu4lyvm.exe; Driver: C:\Users\PAULDU~1\AppData\Local\Temp\uwrdqpod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82B54D88]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82B54DB2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82B54D9E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82B54D74]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8246B9D2 5 Bytes JMP 82B54D78 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82630DA3 5 Bytes JMP 82B54DB6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 826504FA 7 Bytes JMP 82B54D8C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 826507BD 5 Bytes JMP 82B54DA2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? System32\Drivers\uteajs.sys A device attached to the system is not functioning. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[776] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00F50000
.text C:\Windows\system32\services.exe[776] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00F50FD1
.text C:\Windows\system32\services.exe[776] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00F50011
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00E50F5E
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00E500A4
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00E50F28
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00E50F39
.text C:\Windows\system32\services.exe[776] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00E5007F
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00E50011
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00E5002C
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00E50F6F
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00E5006E
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00E50FC0
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00E50FA5
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00E5003D
.text C:\Windows\system32\services.exe[776] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00E50F8A
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00E500D0
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00E50000
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00E50FEF
.text C:\Windows\system32\services.exe[776] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00E500BF
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00FC004A
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00FC0FA8
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00FC0000
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00FC0039
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00FC0F8D
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00FC0FD4
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00FC0FE5
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00FC0FC3
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00F70038
.text C:\Windows\system32\services.exe[776] msvcrt.dll!system 76C4804B 5 Bytes JMP 00F70027
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00F7000C
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00F70FEF
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00F70FB7
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00F70FDE
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00F60000
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00F60FE5
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00F60FCA
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00F60FB9
.text C:\Windows\system32\services.exe[776] WS2_32.dll!socket 777536D1 5 Bytes JMP 00FD0000
.text C:\Windows\system32\lsass.exe[800] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00D70FE5
.text C:\Windows\system32\lsass.exe[800] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00D70FCA
.text C:\Windows\system32\lsass.exe[800] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00D70000
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 008D0F3F
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 008D0F50
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 008D0F09
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 008D0F1A
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 008D0F7C
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 008D0FC3
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 008D0FB2
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 008D0F61
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 008D0F97
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 008D0039
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 008D004A
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 008D001E
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 008D0071
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 008D00BB
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 008D0FDE
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 008D00A0
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00DA005B
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00DA0FC3
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00DA0000
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00DA004A
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00DA0076
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00DA001B
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00DA0FEF
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00DA0FD4
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00D90F9E
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!system 76C4804B 5 Bytes JMP 00D90FB9
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_creat 76C4BBE1 1 Byte [E9]
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00D90FE5
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00D9000C
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00D90FD4
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00D9001D
.text C:\Windows\system32\lsass.exe[800] WS2_32.dll!socket 777536D1 5 Bytes JMP 00DB0000
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00D80000
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00D80FE5
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00D80FD4
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00D80FC3
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00760000
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00760FD4
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00760FE5
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 002D0F5C
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 002D0F6D
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 002D0F26
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 002D00BD
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 002D0073
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 002D0FC0
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 002D0011
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 002D0F88
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 002D0062
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 002D003D
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 002D0FA5
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 002D002C
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 002D0098
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 002D00D8
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 002D0000
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 002D0FE5
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 002D0F41
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 009D0047
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!system 76C4804B 5 Bytes JMP 009D0036
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 009D0FC6
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_open 76C4D106 5 Bytes JMP 009D0FE3
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 009D0011
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 009D0000
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 009E0FA8
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 009E0040
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 009E0FB9
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 009E0065
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 009E001B
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 009E0FE5
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 009E0FD4
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00770000
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00770FE5
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00770011
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00770022
.text C:\Windows\system32\svchost.exe[1008] WS2_32.dll!socket 777536D1 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00770FE5
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00770FB9
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00770FD4
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00760F3A
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00760080
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 007600B6
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 0076009B
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00760F66
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00760FDB
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00760FCA
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00760F55
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00760F77
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00760040
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00760F9E
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00760FB9
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 0076005B
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00760EFA
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00760011
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00760000
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00760F29
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 009E0049
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!system 76C4804B 5 Bytes JMP 009E0FBE
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 009E002E
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_open 76C4D106 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 009E0FD9
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 009E001D
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 009F0FA5
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 009F0FC0
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 009F0047
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 009F0062
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 009F0FE5
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 009F0011
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 009F002C
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 0078000A
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0078001B
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00780FEF
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00780FDE
.text C:\Windows\system32\svchost.exe[1084] WS2_32.dll!socket 777536D1 5 Bytes JMP 00A00FEF
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 0127000A
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 01270036
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 01270025
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 01260F33
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 01260F44
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 012600A5
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 01260F0E
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 01260040
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 01260FD4
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 01260025
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 01260F55
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 01260F66
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 01260F94
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 01260F83
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 01260FAF
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 01260065
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 012600C0
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 0126000A
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 01260FE5
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 01260094
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 0129002E
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!system 76C4804B 5 Bytes JMP 01290FAD
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 01290FD9
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_open 76C4D106 5 Bytes JMP 01290000
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 01290FC8
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 01290011
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 012F0062
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 012F0036
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 012F0000
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 012F0047
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 012F0073
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 012F0FE5
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 012F0011
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 012F0FCA
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 01280FEF
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0128000A
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 01280FCA
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 01280025
.text C:\Windows\System32\svchost.exe[1148] WS2_32.dll!socket 777536D1 5 Bytes JMP 01300FEF
.text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00EE0000
.text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00EE002C
.text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00EE0011
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00ED0091
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00ED0080
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00ED0F29
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00ED0F3A
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00ED0F66
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00ED0FD4
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00ED0FC3
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00ED0F55
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00ED0040
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00ED0F8D
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00ED002F
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00ED0FA8
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00ED0065
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00ED00E5
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00ED000A
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00ED0FE5
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00ED00B6
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00F10F94
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!system 76C4804B 5 Bytes JMP 00F10029
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00F10FDE
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00F1000C
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00F10FC3
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00F10FEF
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00F6005B
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00F60040
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00F60FE5
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00F60FB9
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00F60076
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00F6001B
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00F6000A
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00F60FCA
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00F00FEF
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00F00FCA
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00F00FB9
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00F00FA8
.text C:\Windows\System32\svchost.exe[1284] WS2_32.dll!socket 777536D1 5 Bytes JMP 00FF0FEF
.text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00E30000
.text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00E30FE5
.text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00E30025
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00E20F65
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00E200B5
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00E200D0
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00E20F2F
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00E2006E
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00E20FD4
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00E20025
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00E2009A
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00E20F94
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00E20047
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00E20FA5
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00E20036
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00E2007F
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00E20F1E
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00E20FE5
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00E20000
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00E20F4A
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00E5003D
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!system 76C4804B 5 Bytes JMP 00E50FB2
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00E50018
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00E50FEF
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00E50FC3
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00E50FDE
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00E70F94
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00E70FB6
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00E70000
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00E70FA5
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00E70F79
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00E70022
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00E70011
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00E70FD1
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00E40FE5
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00E40000
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00E4001B
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00E40036
.text C:\Windows\System32\svchost.exe[1308] WS2_32.dll!socket 777536D1 5 Bytes JMP 00EC0000
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1468] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 6AB89AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1468] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 6AB89A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00810FE5
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00810FB9
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00810FCA
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00010F80
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00010F91
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00010117
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00010106
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00010097
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00010022
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00010033
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 000100B2
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 0001007C
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00010FBD
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 0001005F
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00010044
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00010FA2
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00010F65
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00010011
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 000100EB
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00840044
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!system 76C4804B 5 Bytes JMP 00840FC3
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00840FD4
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00840FEF
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00840029
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 0084000C
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00020F9E
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00020036
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00020FEF
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00020FAF
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00020F83
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 0002000A
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00020FD4
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00020025
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00820FE5
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0082000A
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 0082001B
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00820FCA
.text C:\Windows\system32\svchost.exe[1496] WS2_32.dll!socket 777536D1 5 Bytes JMP 00850FEF
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00FF0FE5
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00FF000A
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00FF0FD4
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00F50096
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00F50F50
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00F500C2
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00F500A7
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00F50060
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00F5000A
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00F50FB9
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00F50F6B
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00F50F7C
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00F50F8D
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00F5002F
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00F50F9E
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00F5007B
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00F500D3
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00F50FD4
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00F50FEF
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00F50F35
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 01710038
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!system 76C4804B 5 Bytes JMP 01710027
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 01710FC1
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_open 76C4D106 5 Bytes JMP 01710FEF
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 01710016
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 01710FD2
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00FA0040
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00FA0FAF
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00FA0FEF
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00FA0F9E
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00FA0F83
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00FA000A
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00FA0FD4
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00FA001B
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 01700FEF
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 01700014
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 01700FDE
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 01700039
.text C:\Windows\system32\svchost.exe[1640] WS2_32.dll!socket 777536D1 5 Bytes JMP 017A000A
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00E5000A
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00E50FEF
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00E50025
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 009600A4
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00960F5E
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 009600BF
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00960F28
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00960F9B
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00960FDB
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00960FC0
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00960F6F
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00960069
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00960047
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00960058
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00960036
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00960F80
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00960F0D
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00960011
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00960000
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00960F39
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 01A10FA8
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!system 76C4804B 5 Bytes JMP 01A10FB9
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 01A10033
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_open 76C4D106 5 Bytes JMP 01A10000
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 01A10FDE
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 01A10FEF
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00980F6B
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00980F8D
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00980FEF
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00980F7C
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00980F5A
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00980FB9
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00980FD4
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00980FA8
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 01A00FEF
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 01A00FDE
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 01A00014
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 01A0002F
.text C:\Windows\system32\svchost.exe[1752] WS2_32.dll!socket 777536D1 5 Bytes JMP 01AE000A
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 007B0FEF
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 007B0FB9
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 007B0FD4
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00790F3A
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00790F4B
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00790F15
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 007900B6
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 0079004A
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00790FCD
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00790028
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00790080
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00790F7C
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00790FA8
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00790F97
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00790039
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 0079006F
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00790F04
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00790FDE
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00790FEF
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00790091
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 02020064
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!system 76C4804B 5 Bytes JMP 02020049
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 0202001D
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_open 76C4D106 5 Bytes JMP 02020000
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 02020038
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 02020FE3
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 007A0F9E
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 007A0036
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 007A0FE5
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 007A0FAF
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 007A005B
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 007A0FD4
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 007A0000
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 007A0025
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 0078000A
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00780025
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00780FE5
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00780FD4
.text C:\Windows\system32\svchost.exe[1972] WS2_32.dll!socket 777536D1 5 Bytes JMP 02410FE5
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 02B0000A
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 02B00FEF
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 02B00025
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtWriteVirtualMemory 77665674 5 Bytes JMP 016B000A
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!KiUserExceptionDispatcher 77665DC8 5 Bytes JMP 0169000A
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 02790F7E
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 02790F99
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 027900F0
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 027900D5
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 027900A9
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 02790036
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 02790051
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 027900C4
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 02790098
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 02790FE5
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 02790087
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 0279006C
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 02790FAA
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 02790F3E
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 0279001B
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 02790000
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 02790F59
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 027A0F72
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 027A0F94
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 027A0FE5
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 027A0F83
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 027A0F57
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 027A000A
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 027A0FD4
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 027A0FAF
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 0278005D
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!system 76C4804B 5 Bytes JMP 02780FD2
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 0278002E
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_open 76C4D106 5 Bytes JMP 02780000
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 02780FE3
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 02780011
.text C:\Windows\Explorer.EXE[2000] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 02770FEF
.text C:\Windows\Explorer.EXE[2000] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 02770014
.text C:\Windows\Explorer.EXE[2000] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 02770FDE
.text C:\Windows\Explorer.EXE[2000] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 02770025
.text C:\Windows\Explorer.EXE[2000] WS2_32.dll!socket 777536D1 5 Bytes JMP 02B10FE5
.text C:\Windows\system32\svchost.exe[2260] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00320000
.text C:\Windows\system32\svchost.exe[2260] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00320FE5
.text C:\Windows\system32\svchost.exe[2260] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 0032001B
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00300F2B
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00300F3C
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 0030008C
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00300EF5
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00300F83
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00300FDB
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00300FCA
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00300F4D
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00300F94
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00300FA5
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00300047
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00300036
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00300F5E
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00300EDA
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 0030001B
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00300000
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00300F10
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 001F0FA3
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!system 76C4804B 5 Bytes JMP 001F0FB4
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 001F0FD9
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_open 76C4D106 5 Bytes JMP 001F0000
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 001F002E
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 001F001D
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 0031006C
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00310051
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00310FCA
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00310FA5
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00310FE5
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00310036
.text C:\Windows\system32\svchost.exe[2260] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00020000
.text C:\Windows\system32\svchost.exe[2260] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00020FEF
.text C:\Windows\system32\svchost.exe[2260] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00020FDE
.text C:\Windows\system32\svchost.exe[2260] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00020FC3
.text C:\Windows\system32\svchost.exe[2260] WS2_32.dll!socket 777536D1 5 Bytes JMP 00330000
.text C:\Windows\system32\svchost.exe[2668] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 008B000A
.text C:\Windows\system32\svchost.exe[2668] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 008B0FD4
.text C:\Windows\system32\svchost.exe[2668] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 008900C2
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 008900A7
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 008900F8
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00890F57
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00890056
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00890FCD
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00890FBC
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00890096
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00890F7C
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00890F97
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 0089002F
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 0089001E
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 0089007B
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00890F46
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00890FDE
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00890FEF
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 008900D3
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 0088006E
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!system 76C4804B 5 Bytes JMP 00880053
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00880027
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00880FEF
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00880042
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 0088000C
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 008A0F7C
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 008A0014
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 008A0F97
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 008A0039
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 008A0FB9
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 008A0FD4
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 008A0FA8
.text C:\Windows\system32\svchost.exe[2668] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00870FEF
.text C:\Windows\system32\svchost.exe[2668] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0087000A
.text C:\Windows\system32\svchost.exe[2668] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00870025
.text C:\Windows\system32\svchost.exe[2668] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00870040
.text C:\Windows\system32\svchost.exe[3100] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00040FEF
.text C:\Windows\system32\svchost.exe[3100] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00040FD4
.text C:\Windows\system32\svchost.exe[3100] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 0004000A
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 000B0F32
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 000B0082
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 000B0F06
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 000B009D
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 000B0045
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 000B0FB9
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 000B0F9E
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 000B0071
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 000B001E
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 000B0F72
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 000B0F61
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 000B0F83
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 000B0056
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 000B00B8
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 000B0FCA
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 000B0FEF
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 000B0F21
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 000D0038
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!system 76C4804B 5 Bytes JMP 000D001D
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 000D0FD2
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_open 76C4D106 5 Bytes JMP 000D0000
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 000D0FB7
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 000D0FE3
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 000E0F9B
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 000E0FC0
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 000E0000
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 000E0047
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 000E0F80
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 000E001B
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 000E0FE5
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 000E002C
.text C:\Windows\system32\svchost.exe[3100] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 0020000A
.text C:\Windows\system32\svchost.exe[3100] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0020001B
.text C:\Windows\system32\svchost.exe[3100] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 0020002C
.text C:\Windows\system32\svchost.exe[3100] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00200FDB
.text C:\Windows\system32\svchost.exe[3100] WS2_32.dll!socket 777536D1 5 Bytes JMP 00800000
.text C:\Windows\System32\svchost.exe[3332] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 0095000A
.text C:\Windows\System32\svchost.exe[3332] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 0095001B
.text C:\Windows\System32\svchost.exe[3332] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00950FE5
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00930F66
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 009300A2
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00930F44
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 009300D1
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 0093005B
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00930FCD
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00930FB2
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00930091
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 0093004A
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 0093001E
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00930039
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00930F97
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00930076
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 009300EC
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00930FDE
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00930FEF
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00930F55
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00920F7C
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!system 76C4804B 5 Bytes JMP 00920F97
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00920FCD
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00920FEF
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00920FA8
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00920FDE
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00940F9E
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00940FB9
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00940FEF
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00940040
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 0094005B
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00940FD4
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00940014
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00940025
.text C:\Windows\System32\svchost.exe[3332] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00910000
.text C:\Windows\System32\svchost.exe[3332] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0091001B
.text C:\Windows\System32\svchost.exe[3332] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00910036
.text C:\Windows\System32\svchost.exe[3332] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00910FDB
.text C:\Windows\System32\svchost.exe[3332] WS2_32.dll!socket 777536D1 5 Bytes JMP 00960000
.text C:\Windows\System32\svchost.exe[3384] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00280FEF
.text C:\Windows\System32\svchost.exe[3384] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00280FDE
.text C:\Windows\System32\svchost.exe[3384] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 0028000A
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00150F55
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 0015009B
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00150F33
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00150F44
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00150076
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00150025
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00150036
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00150F66
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00150065
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00150FB9
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00150FA8
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00150FCA
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00150F81
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 001500E5
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 0015000A
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00150FEF
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 001500B6
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00100053
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!system 76C4804B 5 Bytes JMP 00100FC8
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00100027
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00100FEF
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00100038
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 0010000C
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00270F94
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00270FC0
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00270000
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00270FA5
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00270F83
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 0027002C
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00270011
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00270FDB
.text C:\Windows\System32\svchost.exe[3384] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 000F0FEF
.text C:\Windows\System32\svchost.exe[3384] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 000F0FCA
.text C:\Windows\System32\svchost.exe[3384] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 000F0FB9
.text C:\Windows\System32\svchost.exe[3384] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 000F0FA8
.text C:\Windows\System32\svchost.exe[3384] WS2_32.dll!socket 777536D1 5 Bytes JMP 00790000
.text C:\Windows\system32\svchost.exe[3496] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 009D0FEF
.text C:\Windows\system32\svchost.exe[3496] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 009D0FD4
.text C:\Windows\system32\svchost.exe[3496] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 009D000A
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 009B00E4
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 009B00C9
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 009B0117
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 009B0106
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 009B0FB2
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 009B0040
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 009B0FEF
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 009B00B8
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 009B0080
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 009B0065
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 009B0FC3
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 009B0FDE
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 009B00A7
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 009B0F65
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 009B001B
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 009B0000
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 009B00F5
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 009A003D
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!system 76C4804B 5 Bytes JMP 009A0FB2
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 009A0011
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_open 76C4D106 5 Bytes JMP 009A0000
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 009A002C
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 009A0FE3
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 009C0047
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 009C0FB6
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 009C0FE5
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 009C0F9B
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 009C0062
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 009C001B
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 009C000A
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 009C002C
.text C:\Windows\system32\svchost.exe[3496] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00990FEF
.text C:\Windows\system32\svchost.exe[3496] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0099000A
.text C:\Windows\system32\svchost.exe[3496] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 0099001B
.text C:\Windows\system32\svchost.exe[3496] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 0099002C
.text C:\Windows\system32\svchost.exe[3496] WS2_32.dll!socket 777536D1 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00FE0000
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00FE0025
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00FE0FE5
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00FB00DA
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00FB0F94
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00FB0F79
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00FB0106
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00FB0FB9
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00FB001B
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00FB0036
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00FB00BF
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00FB0FCA
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00FB0062
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00FB007D
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00FB0051
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00FB00A4
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00FB0F5E
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00FB0000
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00FB0FE5
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00FB00EB
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00FA0016
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!system 76C4804B 5 Bytes JMP 00FA0F8B
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00FA0FC1
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00FA0FEF
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00FA0F9C
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00FA0FD2
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00FC0040
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00FC0FAF
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00FC0000
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00FC0F9E
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00FC0F83
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00FC0FCA
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00FC0FEF
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00FC001B
.text C:\Windows\system32\svchost.exe[3588] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00F50FE5
.text C:\Windows\system32\svchost.exe[3588] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00F50FCA
.text C:\Windows\system32\svchost.exe[3588] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00F50000
.text C:\Windows\system32\svchost.exe[3588] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00F5001B
.text C:\Windows\system32\svchost.exe[3588] WS2_32.dll!socket 777536D1 5 Bytes JMP 00FF0000
.text C:\Windows\System32\svchost.exe[3736] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00720000
.text C:\Windows\System32\svchost.exe[3736] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00720FD4
.text C:\Windows\System32\svchost.exe[3736] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00720FEF
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00700042
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00700F06
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00700089
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00700078
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00700F57
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00700FAF
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 0070000A
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00700F17
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00700F68
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00700F94
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00700F83
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 0070001B
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00700F32
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 0070009A
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00700FD4
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00700FE5
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 0070005D
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 006F0FAD
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!system 76C4804B 5 Bytes JMP 006F0038
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 006F0FD2
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_open 76C4D106 5 Bytes JMP 006F0000
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 006F0027
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 006F0FE3
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00710062
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00710FCA
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00710000
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00710051
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00710FA5
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 0071001B
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00710FE5
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00710036
.text C:\Windows\System32\svchost.exe[3736] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00020000
.text C:\Windows\System32\svchost.exe[3736] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0002001B
.text C:\Windows\System32\svchost.exe[3736] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 0002002C
.text C:\Windows\System32\svchost.exe[3736] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00020047
.text C:\Windows\System32\svchost.exe[3736] WS2_32.dll!socket 777536D1 5 Bytes JMP 00780000
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00040011
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 0089000A
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!NtWriteVirtualMemory 77665674 5 Bytes JMP 008A000A
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!KiUserExceptionDispatcher 77665DC8 5 Bytes JMP 0088000A
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00090069
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!system 76C4804B 5 Bytes JMP 0009004E
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00090022
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00090FEF
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 0009003D
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00090FDE
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 000A0FB9
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 000A0036
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 000A000A
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 000A0051
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 000A0FA8
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 000A001B
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 000A0FCA
.text C:\Windows\system32\svchost.exe[4664] ole32.dll!CoCreateInstance 77509EA6 5 Bytes JMP 00E8000A
.text C:\Windows\system32\svchost.exe[4664] USER32.dll!GetCursorPos 769B0B88 5 Bytes JMP 0125000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7421A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [741CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7424CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [741EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [6A82F3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[3252] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [002476E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[3252] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00247740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8770AF30

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] uteajs <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a08bb8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a08bb8@00249f841613 0x44 0x5D 0xF0 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272a08bb8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272a08bb8@00249f841613 0x44 0x5D 0xF0 0x70 ...
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@Group Boot Bus Extender
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...

---- EOF - GMER 1.0.15 ----


OTL:


OTL logfile created on: 29/08/2010 7:24:35 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Paul Dufresne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.13 Gb Total Space | 75.45 Gb Free Space | 20.78% Space Free | Partition Type: NTFS
Drive D: | 9.48 Gb Total Space | 1.34 Gb Free Space | 14.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 233.76 Gb Total Space | 126.95 Gb Free Space | 54.31% Space Free | Partition Type: NTFS
Drive L: | 465.76 Gb Total Space | 337.18 Gb Free Space | 72.39% Space Free | Partition Type: NTFS
Drive Y: | 249.71 Mb Total Space | 234.44 Mb Free Space | 93.88% Space Free | Partition Type: NTFS

Computer Name: GOLIATH
Current User Name: Paul Dufresne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Paul Dufresne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Paul Dufresne\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Users\Paul Dufresne\AppData\Local\TVersity\Media Server\web\admin\TVersity.exe ()
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\Paul Dufresne\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (TVersityMediaServer) -- C:\Users\Paul Dufresne\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\WINDOWS\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\WINDOWS\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (mfesmfk) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (VClone) -- C:\WINDOWS\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (MPFP) -- C:\WINDOWS\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\WINDOWS\System32\drivers\wsdprint.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\WINDOWS\System32\drivers\hidbatt.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (CVUVC) Cisco VT Camera II(UVC) -- C:\WINDOWS\System32\drivers\cvuvc.sys (Logitech Inc.)
DRV - (cvpopflt) -- C:\WINDOWS\System32\drivers\cvpopflt.sys (Logitech Inc.)
DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\hsxhwbs2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\hsx_cnxt.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\hsx_dp.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\WINDOWS\System32\drivers\e1g60i32.sys (Intel Corporation)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\ps2.sys (Hewlett-Packard Company)
DRV - (MarvinBus) -- C:\WINDOWS\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {7E7165E2-0767-448c-852F-5FA8714F2C37}:1.0.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{48E4478E-19AB-4E05-8AC5-5153CF09C56F}: C:\Users\Paul Dufresne\AppData\Local\{48E4478E-19AB-4E05-8AC5-5153CF09C56F} [2010/08/19 00:47:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/20 09:07:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/20 09:02:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/19 09:58:08 | 000,000,000 | ---D | M]

[2010/03/30 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Extensions
[2010/03/30 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2010/08/29 18:37:30 | 000,000,000 | ---D | M] -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions
[2010/07/14 12:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/02/19 02:17:43 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/05/15 23:12:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/17 01:02:54 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2010/07/22 11:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/08/29 18:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/06/29 09:29:58 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/08/20 09:43:50 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/08/21 23:03:06 | 000,000,763 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100512175343.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\S


Alright, as requested, here are the contents of the four log files.

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4504

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

29/08/2010 6:51:11 PM
mbam-log-2010-08-29 (18-51-11).txt

Scan type: Quick scan
Objects scanned: 135815
Time elapsed: 8 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-29 19:22:19
Windows 6.0.6002 Service Pack 2
Running: ozu4lyvm.exe; Driver: C:\Users\PAULDU~1\AppData\Local\Temp\uwrdqpod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82B54D88]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82B54DB2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82B54D9E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82B54D74]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8246B9D2 5 Bytes JMP 82B54D78 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82630DA3 5 Bytes JMP 82B54DB6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 826504FA 7 Bytes JMP 82B54D8C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 826507BD 5 Bytes JMP 82B54DA2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? System32\Drivers\uteajs.sys A device attached to the system is not functioning. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[776] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00F50000
.text C:\Windows\system32\services.exe[776] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00F50FD1
.text C:\Windows\system32\services.exe[776] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00F50011
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00E50F5E
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00E500A4
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00E50F28
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00E50F39
.text C:\Windows\system32\services.exe[776] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00E5007F
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00E50011
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00E5002C
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00E50F6F
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00E5006E
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00E50FC0
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00E50FA5
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00E5003D
.text C:\Windows\system32\services.exe[776] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00E50F8A
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00E500D0
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00E50000
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00E50FEF
.text C:\Windows\system32\services.exe[776] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00E500BF
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00FC004A
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00FC0FA8
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00FC0000
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00FC0039
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00FC0F8D
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00FC0FD4
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00FC0FE5
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00FC0FC3
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00F70038
.text C:\Windows\system32\services.exe[776] msvcrt.dll!system 76C4804B 5 Bytes JMP 00F70027
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00F7000C
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00F70FEF
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00F70FB7
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00F70FDE
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00F60000
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00F60FE5
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00F60FCA
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00F60FB9
.text C:\Windows\system32\services.exe[776] WS2_32.dll!socket 777536D1 5 Bytes JMP 00FD0000
.text C:\Windows\system32\lsass.exe[800] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00D70FE5
.text C:\Windows\system32\lsass.exe[800] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00D70FCA
.text C:\Windows\system32\lsass.exe[800] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00D70000
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 008D0F3F
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 008D0F50
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 008D0F09
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 008D0F1A
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 008D0F7C
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 008D0FC3
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 008D0FB2
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 008D0F61
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 008D0F97
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 008D0039
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 008D004A
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 008D001E
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 008D0071
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 008D00BB
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 008D0FDE
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 008D00A0
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00DA005B
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00DA0FC3
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00DA0000
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00DA004A
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00DA0076
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00DA001B
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00DA0FEF
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00DA0FD4
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00D90F9E
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!system 76C4804B 5 Bytes JMP 00D90FB9
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_creat 76C4BBE1 1 Byte [E9]
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00D90FE5
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00D9000C
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00D90FD4
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00D9001D
.text C:\Windows\system32\lsass.exe[800] WS2_32.dll!socket 777536D1 5 Bytes JMP 00DB0000
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00D80000
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00D80FE5
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00D80FD4
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00D80FC3
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00760000
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00760FD4
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00760FE5
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 002D0F5C
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 002D0F6D
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 002D0F26
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 002D00BD
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 002D0073
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 002D0FC0
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 002D0011
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 002D0F88
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 002D0062
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 002D003D
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 002D0FA5
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 002D002C
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 002D0098
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 002D00D8
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 002D0000
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 002D0FE5
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 002D0F41
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 009D0047
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!system 76C4804B 5 Bytes JMP 009D0036
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 009D0FC6
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_open 76C4D106 5 Bytes JMP 009D0FE3
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 009D0011
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 009D0000
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 009E0FA8
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 009E0040
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 009E0FB9
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 009E0065
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 009E001B
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 009E0FE5
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 009E0FD4
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00770000
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00770FE5
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00770011
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00770022
.text C:\Windows\system32\svchost.exe[1008] WS2_32.dll!socket 777536D1 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00770FE5
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00770FB9
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00770FD4
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00760F3A
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00760080
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 007600B6
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 0076009B
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00760F66
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00760FDB
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00760FCA
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00760F55
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00760F77
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00760040
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00760F9E
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00760FB9
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 0076005B
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00760EFA
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00760011
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00760000
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00760F29
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 009E0049
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!system 76C4804B 5 Bytes JMP 009E0FBE
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 009E002E
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_open 76C4D106 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 009E0FD9
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 009E001D
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 009F0FA5
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 009F0FC0
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 009F0047
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 009F0062
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 009F0FE5
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 009F0011
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 009F002C
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 0078000A
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0078001B
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00780FEF
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00780FDE
.text C:\Windows\system32\svchost.exe[1084] WS2_32.dll!socket 777536D1 5 Bytes JMP 00A00FEF
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 0127000A
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 01270036
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 01270025
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 01260F33
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 01260F44
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 012600A5
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 01260F0E
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 01260040
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 01260FD4
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 01260025
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 01260F55
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 01260F66
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 01260F94
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 01260F83
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 01260FAF
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 01260065
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 012600C0
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 0126000A
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 01260FE5
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 01260094
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 0129002E
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!system 76C4804B 5 Bytes JMP 01290FAD
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 01290FD9
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_open 76C4D106 5 Bytes JMP 01290000
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 01290FC8
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 01290011
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 012F0062
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 012F0036
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 012F0000
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 012F0047
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 012F0073
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 012F0FE5
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 012F0011
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 012F0FCA
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 01280FEF
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0128000A
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 01280FCA
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 01280025
.text C:\Windows\System32\svchost.exe[1148] WS2_32.dll!socket 777536D1 5 Bytes JMP 01300FEF
.text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00EE0000
.text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00EE002C
.text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00EE0011
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00ED0091
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00ED0080
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00ED0F29
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00ED0F3A
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00ED0F66
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00ED0FD4
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00ED0FC3
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00ED0F55
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00ED0040
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00ED0F8D
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00ED002F
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00ED0FA8
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00ED0065
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00ED00E5
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00ED000A
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00ED0FE5
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00ED00B6
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00F10F94
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!system 76C4804B 5 Bytes JMP 00F10029
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00F10FDE
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00F1000C
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00F10FC3
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00F10FEF
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00F6005B
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00F60040
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00F60FE5
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00F60FB9
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00F60076
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00F6001B
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00F6000A
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00F60FCA
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00F00FEF
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00F00FCA
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00F00FB9
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00F00FA8
.text C:\Windows\System32\svchost.exe[1284] WS2_32.dll!socket 777536D1 5 Bytes JMP 00FF0FEF
.text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00E30000
.text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00E30FE5
.text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00E30025
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00E20F65
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00E200B5
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00E200D0
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00E20F2F
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00E2006E
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00E20FD4
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00E20025
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00E2009A
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00E20F94
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00E20047
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00E20FA5
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00E20036
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00E2007F
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00E20F1E
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00E20FE5
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00E20000
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00E20F4A
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00E5003D
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!system 76C4804B 5 Bytes JMP 00E50FB2
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00E50018
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00E50FEF
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00E50FC3
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00E50FDE
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00E70F94
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00E70FB6
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00E70000
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00E70FA5
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00E70F79
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00E70022
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00E70011
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00E70FD1
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00E40FE5
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00E40000
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00E4001B
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00E40036
.text C:\Windows\System32\svchost.exe[1308] WS2_32.dll!socket 777536D1 5 Bytes JMP 00EC0000
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1468] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 6AB89AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1468] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 6AB89A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00810FE5
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00810FB9
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00810FCA
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00010F80
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00010F91
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00010117
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00010106
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00010097
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00010022
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00010033
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 000100B2
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 0001007C
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00010FBD
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 0001005F
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00010044
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00010FA2
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00010F65
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00010011
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 000100EB
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00840044
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!system 76C4804B 5 Bytes JMP 00840FC3
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00840FD4
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00840FEF
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00840029
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 0084000C
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00020F9E
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00020036
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00020FEF
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00020FAF
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00020F83
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 0002000A
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00020FD4
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00020025
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00820FE5
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0082000A
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 0082001B
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00820FCA
.text C:\Windows\system32\svchost.exe[1496] WS2_32.dll!socket 777536D1 5 Bytes JMP 00850FEF
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00FF0FE5
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00FF000A
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00FF0FD4
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00F50096
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00F50F50
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00F500C2
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00F500A7
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00F50060
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00F5000A
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00F50FB9
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00F50F6B
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00F50F7C
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00F50F8D
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00F5002F
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00F50F9E
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00F5007B
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00F500D3
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00F50FD4
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00F50FEF
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00F50F35
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 01710038
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!system 76C4804B 5 Bytes JMP 01710027
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 01710FC1
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_open 76C4D106 5 Bytes JMP 01710FEF
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 01710016
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 01710FD2
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00FA0040
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00FA0FAF
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00FA0FEF
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00FA0F9E
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00FA0F83
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00FA000A
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00FA0FD4
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00FA001B
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 01700FEF
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 01700014
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 01700FDE
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 01700039
.text C:\Windows\system32\svchost.exe[1640] WS2_32.dll!socket 777536D1 5 Bytes JMP 017A000A
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00E5000A
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00E50FEF
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00E50025
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 009600A4
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00960F5E
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 009600BF
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00960F28
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00960F9B
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00960FDB
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00960FC0
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00960F6F
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00960069
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00960047
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00960058
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00960036
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00960F80
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00960F0D
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00960011
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00960000
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00960F39
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 01A10FA8
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!system 76C4804B 5 Bytes JMP 01A10FB9
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 01A10033
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_open 76C4D106 5 Bytes JMP 01A10000
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 01A10FDE
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 01A10FEF
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00980F6B
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00980F8D
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00980FEF
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00980F7C
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00980F5A
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00980FB9
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00980FD4
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00980FA8
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 01A00FEF
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 01A00FDE
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 01A00014
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 01A0002F
.text C:\Windows\system32\svchost.exe[1752] WS2_32.dll!socket 777536D1 5 Bytes JMP 01AE000A
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 007B0FEF
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 007B0FB9
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 007B0FD4
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00790F3A
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00790F4B
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00790F15
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 007900B6
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 0079004A
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00790FCD
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00790028
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00790080
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00790F7C
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00790FA8
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00790F97
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00790039
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 0079006F
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00790F04
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00790FDE
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00790FEF
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00790091
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 02020064
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!system 76C4804B 5 Bytes JMP 02020049
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 0202001D
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_open 76C4D106 5 Bytes JMP 02020000
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 02020038
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 02020FE3
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 007A0F9E
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 007A0036
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 007A0FE5
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 007A0FAF
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 007A005B
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 007A0FD4
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 007A0000
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 007A0025
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 0078000A
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00780025
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00780FE5
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00780FD4
.text C:\Windows\system32\svchost.exe[1972] WS2_32.dll!socket 777536D1 5 Bytes JMP 02410FE5
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 02B0000A
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 02B00FEF
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 02B00025
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtWriteVirtualMemory 77665674 5 Bytes JMP 016B000A
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!KiUserExceptionDispatcher 77665DC8 5 Bytes JMP 0169000A
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 02790F7E
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 02790F99
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 027900F0
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 027900D5
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 027900A9
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 02790036
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 02790051
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 027900C4
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 02790098
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 02790FE5
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 02790087
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 0279006C
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 02790FAA
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 02790F3E
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 0279001B
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 02790000
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 02790F59
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 027A0F72
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 027A0F94
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 027A0FE5
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 027A0F83
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 027A0F57
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 027A000A
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 027A0FD4
.text C:\Windows\Explorer.EXE[2000] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 027A0FAF
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 0278005D
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!system 76C4804B 5 Bytes JMP 02780FD2
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 0278002E
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_open 76C4D106 5 Bytes JMP 02780000
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 02780FE3
.text C:\Windows\Explorer.EXE[2000] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 02780011
.text C:\Windows\Explorer.EXE[2000] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 02770FEF
.text C:\Windows\Explorer.EXE[2000] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 02770014
.text C:\Windows\Explorer.EXE[2000] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 02770FDE
.text C:\Windows\Explorer.EXE[2000] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 02770025
.text C:\Windows\Explorer.EXE[2000] WS2_32.dll!socket 777536D1 5 Bytes JMP 02B10FE5
.text C:\Windows\system32\svchost.exe[2260] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00320000
.text C:\Windows\system32\svchost.exe[2260] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00320FE5
.text C:\Windows\system32\svchost.exe[2260] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 0032001B
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00300F2B
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00300F3C
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 0030008C
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00300EF5
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00300F83
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00300FDB
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00300FCA
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00300F4D
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00300F94
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00300FA5
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00300047
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00300036
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00300F5E
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00300EDA
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 0030001B
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00300000
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00300F10
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 001F0FA3
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!system 76C4804B 5 Bytes JMP 001F0FB4
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 001F0FD9
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_open 76C4D106 5 Bytes JMP 001F0000
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 001F002E
.text C:\Windows\system32\svchost.exe[2260] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 001F001D
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 0031006C
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00310051
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00310FCA
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00310FA5
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00310FE5
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00310036
.text C:\Windows\system32\svchost.exe[2260] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00020000
.text C:\Windows\system32\svchost.exe[2260] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00020FEF
.text C:\Windows\system32\svchost.exe[2260] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00020FDE
.text C:\Windows\system32\svchost.exe[2260] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00020FC3
.text C:\Windows\system32\svchost.exe[2260] WS2_32.dll!socket 777536D1 5 Bytes JMP 00330000
.text C:\Windows\system32\svchost.exe[2668] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 008B000A
.text C:\Windows\system32\svchost.exe[2668] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 008B0FD4
.text C:\Windows\system32\svchost.exe[2668] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 008900C2
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 008900A7
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 008900F8
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00890F57
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00890056
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00890FCD
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00890FBC
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00890096
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00890F7C
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00890F97
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 0089002F
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 0089001E
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 0089007B
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00890F46
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00890FDE
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00890FEF
.text C:\Windows\system32\svchost.exe[2668] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 008900D3
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 0088006E
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!system 76C4804B 5 Bytes JMP 00880053
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00880027
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00880FEF
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00880042
.text C:\Windows\system32\svchost.exe[2668] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 0088000C
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 008A0F7C
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 008A0014
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 008A0F97
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 008A0039
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 008A0FB9
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 008A0FD4
.text C:\Windows\system32\svchost.exe[2668] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 008A0FA8
.text C:\Windows\system32\svchost.exe[2668] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00870FEF
.text C:\Windows\system32\svchost.exe[2668] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0087000A
.text C:\Windows\system32\svchost.exe[2668] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00870025
.text C:\Windows\system32\svchost.exe[2668] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00870040
.text C:\Windows\system32\svchost.exe[3100] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00040FEF
.text C:\Windows\system32\svchost.exe[3100] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00040FD4
.text C:\Windows\system32\svchost.exe[3100] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 0004000A
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 000B0F32
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 000B0082
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 000B0F06
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 000B009D
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 000B0045
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 000B0FB9
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 000B0F9E
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 000B0071
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 000B001E
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 000B0F72
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 000B0F61
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 000B0F83
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 000B0056
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 000B00B8
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 000B0FCA
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 000B0FEF
.text C:\Windows\system32\svchost.exe[3100] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 000B0F21
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 000D0038
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!system 76C4804B 5 Bytes JMP 000D001D
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 000D0FD2
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_open 76C4D106 5 Bytes JMP 000D0000
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 000D0FB7
.text C:\Windows\system32\svchost.exe[3100] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 000D0FE3
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 000E0F9B
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 000E0FC0
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 000E0000
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 000E0047
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 000E0F80
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 000E001B
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 000E0FE5
.text C:\Windows\system32\svchost.exe[3100] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 000E002C
.text C:\Windows\system32\svchost.exe[3100] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 0020000A
.text C:\Windows\system32\svchost.exe[3100] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0020001B
.text C:\Windows\system32\svchost.exe[3100] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 0020002C
.text C:\Windows\system32\svchost.exe[3100] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00200FDB
.text C:\Windows\system32\svchost.exe[3100] WS2_32.dll!socket 777536D1 5 Bytes JMP 00800000
.text C:\Windows\System32\svchost.exe[3332] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 0095000A
.text C:\Windows\System32\svchost.exe[3332] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 0095001B
.text C:\Windows\System32\svchost.exe[3332] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00950FE5
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00930F66
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 009300A2
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00930F44
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 009300D1
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 0093005B
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00930FCD
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00930FB2
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00930091
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 0093004A
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 0093001E
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00930039
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00930F97
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00930076
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 009300EC
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00930FDE
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00930FEF
.text C:\Windows\System32\svchost.exe[3332] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00930F55
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00920F7C
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!system 76C4804B 5 Bytes JMP 00920F97
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00920FCD
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00920FEF
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00920FA8
.text C:\Windows\System32\svchost.exe[3332] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00920FDE
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00940F9E
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00940FB9
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00940FEF
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00940040
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 0094005B
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00940FD4
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00940014
.text C:\Windows\System32\svchost.exe[3332] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00940025
.text C:\Windows\System32\svchost.exe[3332] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00910000
.text C:\Windows\System32\svchost.exe[3332] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0091001B
.text C:\Windows\System32\svchost.exe[3332] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00910036
.text C:\Windows\System32\svchost.exe[3332] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00910FDB
.text C:\Windows\System32\svchost.exe[3332] WS2_32.dll!socket 777536D1 5 Bytes JMP 00960000
.text C:\Windows\System32\svchost.exe[3384] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00280FEF
.text C:\Windows\System32\svchost.exe[3384] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00280FDE
.text C:\Windows\System32\svchost.exe[3384] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 0028000A
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00150F55
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 0015009B
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00150F33
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00150F44
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00150076
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00150025
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00150036
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00150F66
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00150065
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00150FB9
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00150FA8
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00150FCA
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00150F81
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 001500E5
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 0015000A
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00150FEF
.text C:\Windows\System32\svchost.exe[3384] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 001500B6
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00100053
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!system 76C4804B 5 Bytes JMP 00100FC8
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00100027
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00100FEF
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00100038
.text C:\Windows\System32\svchost.exe[3384] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 0010000C
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00270F94
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00270FC0
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00270000
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00270FA5
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00270F83
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 0027002C
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00270011
.text C:\Windows\System32\svchost.exe[3384] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00270FDB
.text C:\Windows\System32\svchost.exe[3384] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 000F0FEF
.text C:\Windows\System32\svchost.exe[3384] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 000F0FCA
.text C:\Windows\System32\svchost.exe[3384] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 000F0FB9
.text C:\Windows\System32\svchost.exe[3384] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 000F0FA8
.text C:\Windows\System32\svchost.exe[3384] WS2_32.dll!socket 777536D1 5 Bytes JMP 00790000
.text C:\Windows\system32\svchost.exe[3496] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 009D0FEF
.text C:\Windows\system32\svchost.exe[3496] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 009D0FD4
.text C:\Windows\system32\svchost.exe[3496] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 009D000A
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 009B00E4
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 009B00C9
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 009B0117
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 009B0106
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 009B0FB2
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 009B0040
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 009B0FEF
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 009B00B8
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 009B0080
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 009B0065
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 009B0FC3
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 009B0FDE
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 009B00A7
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 009B0F65
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 009B001B
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 009B0000
.text C:\Windows\system32\svchost.exe[3496] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 009B00F5
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 009A003D
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!system 76C4804B 5 Bytes JMP 009A0FB2
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 009A0011
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_open 76C4D106 5 Bytes JMP 009A0000
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 009A002C
.text C:\Windows\system32\svchost.exe[3496] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 009A0FE3
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 009C0047
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 009C0FB6
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 009C0FE5
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 009C0F9B
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 009C0062
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 009C001B
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 009C000A
.text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 009C002C
.text C:\Windows\system32\svchost.exe[3496] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00990FEF
.text C:\Windows\system32\svchost.exe[3496] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0099000A
.text C:\Windows\system32\svchost.exe[3496] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 0099001B
.text C:\Windows\system32\svchost.exe[3496] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 0099002C
.text C:\Windows\system32\svchost.exe[3496] WS2_32.dll!socket 777536D1 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00FE0000
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00FE0025
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00FE0FE5
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00FB00DA
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00FB0F94
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00FB0F79
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00FB0106
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00FB0FB9
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00FB001B
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00FB0036
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00FB00BF
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00FB0FCA
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00FB0062
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00FB007D
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00FB0051
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00FB00A4
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00FB0F5E
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00FB0000
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00FB0FE5
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00FB00EB
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00FA0016
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!system 76C4804B 5 Bytes JMP 00FA0F8B
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00FA0FC1
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00FA0FEF
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00FA0F9C
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00FA0FD2
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00FC0040
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00FC0FAF
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00FC0000
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00FC0F9E
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00FC0F83
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00FC0FCA
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00FC0FEF
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00FC001B
.text C:\Windows\system32\svchost.exe[3588] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00F50FE5
.text C:\Windows\system32\svchost.exe[3588] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00F50FCA
.text C:\Windows\system32\svchost.exe[3588] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00F50000
.text C:\Windows\system32\svchost.exe[3588] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00F5001B
.text C:\Windows\system32\svchost.exe[3588] WS2_32.dll!socket 777536D1 5 Bytes JMP 00FF0000
.text C:\Windows\System32\svchost.exe[3736] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00720000
.text C:\Windows\System32\svchost.exe[3736] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00720FD4
.text C:\Windows\System32\svchost.exe[3736] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00720FEF
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00700042
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00700F06
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00700089
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00700078
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00700F57
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00700FAF
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 0070000A
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00700F17
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00700F68
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00700F94
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00700F83
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 0070001B
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00700F32
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 0070009A
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00700FD4
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00700FE5
.text C:\Windows\System32\svchost.exe[3736] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 0070005D
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 006F0FAD
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!system 76C4804B 5 Bytes JMP 006F0038
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 006F0FD2
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_open 76C4D106 5 Bytes JMP 006F0000
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 006F0027
.text C:\Windows\System32\svchost.exe[3736] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 006F0FE3
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00710062
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00710FCA
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00710000
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00710051
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00710FA5
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 0071001B
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00710FE5
.text C:\Windows\System32\svchost.exe[3736] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00710036
.text C:\Windows\System32\svchost.exe[3736] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00020000
.text C:\Windows\System32\svchost.exe[3736] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0002001B
.text C:\Windows\System32\svchost.exe[3736] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 0002002C
.text C:\Windows\System32\svchost.exe[3736] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00020047
.text C:\Windows\System32\svchost.exe[3736] WS2_32.dll!socket 777536D1 5 Bytes JMP 00780000
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00040011
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 0089000A
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!NtWriteVirtualMemory 77665674 5 Bytes JMP 008A000A
.text C:\Windows\system32\svchost.exe[4664] ntdll.dll!KiUserExceptionDispatcher 77665DC8 5 Bytes JMP 0088000A
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00090069
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!system 76C4804B 5 Bytes JMP 0009004E
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00090022
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00090FEF
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 0009003D
.text C:\Windows\system32\svchost.exe[4664] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00090FDE
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 000A0FB9
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 000A0036
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 000A000A
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 000A0051
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 000A0FA8
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 000A001B
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[4664] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 000A0FCA
.text C:\Windows\system32\svchost.exe[4664] ole32.dll!CoCreateInstance 77509EA6 5 Bytes JMP 00E8000A
.text C:\Windows\system32\svchost.exe[4664] USER32.dll!GetCursorPos 769B0B88 5 Bytes JMP 0125000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7421A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [741CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7424CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [741EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [6A82F3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[3252] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [002476E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[3252] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00247740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8770AF30

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] uteajs <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a08bb8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a08bb8@00249f841613 0x44 0x5D 0xF0 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272a08bb8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272a08bb8@00249f841613 0x44 0x5D 0xF0 0x70 ...
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@Group Boot Bus Extender
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...

---- EOF - GMER 1.0.15 ----


OTL:


OTL logfile created on: 29/08/2010 7:24:35 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Paul Dufresne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.13 Gb Total Space | 75.45 Gb Free Space | 20.78% Space Free | Partition Type: NTFS
Drive D: | 9.48 Gb Total Space | 1.34 Gb Free Space | 14.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 233.76 Gb Total Space | 126.95 Gb Free Space | 54.31% Space Free | Partition Type: NTFS
Drive L: | 465.76 Gb Total Space | 337.18 Gb Free Space | 72.39% Space Free | Partition Type: NTFS
Drive Y: | 249.71 Mb Total Space | 234.44 Mb Free Space | 93.88% Space Free | Partition Type: NTFS

Computer Name: GOLIATH
Current User Name: Paul Dufresne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Paul Dufresne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Paul Dufresne\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Users\Paul Dufresne\AppData\Local\TVersity\Media Server\web\admin\TVersity.exe ()
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\Paul Dufresne\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (TVersityMediaServer) -- C:\Users\Paul Dufresne\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\WINDOWS\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\WINDOWS\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (mfesmfk) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (VClone) -- C:\WINDOWS\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (MPFP) -- C:\WINDOWS\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\WINDOWS\System32\drivers\wsdprint.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\WINDOWS\System32\drivers\hidbatt.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (CVUVC) Cisco VT Camera II(UVC) -- C:\WINDOWS\System32\drivers\cvuvc.sys (Logitech Inc.)
DRV - (cvpopflt) -- C:\WINDOWS\System32\drivers\cvpopflt.sys (Logitech Inc.)
DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\hsxhwbs2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\hsx_cnxt.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\hsx_dp.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\WINDOWS\System32\drivers\e1g60i32.sys (Intel Corporation)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\ps2.sys (Hewlett-Packard Company)
DRV - (MarvinBus) -- C:\WINDOWS\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {7E7165E2-0767-448c-852F-5FA8714F2C37}:1.0.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{48E4478E-19AB-4E05-8AC5-5153CF09C56F}: C:\Users\Paul Dufresne\AppData\Local\{48E4478E-19AB-4E05-8AC5-5153CF09C56F} [2010/08/19 00:47:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/20 09:07:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/20 09:02:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/19 09:58:08 | 000,000,000 | ---D | M]

[2010/03/30 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Extensions
[2010/03/30 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2010/08/29 18:37:30 | 000,000,000 | ---D | M] -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions
[2010/07/14 12:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/02/19 02:17:43 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/05/15 23:12:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/17 01:02:54 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2010/07/22 11:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/08/29 18:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/06/29 09:29:58 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/08/20 09:43:50 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/08/21 23:03:06 | 000,000,763 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100512175343.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\S


Alright, as requested, here are the contents of the four log files.

MBAM:

[font=Courier New]
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4504

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

29/08/2010 6:51:11 PM
mbam-log-2010-08-29 (18-51-11).txt

Scan type: Quick scan
Objects scanned: 135815
Time elapsed: 8 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-29 19:22:19
Windows 6.0.6002 Service Pack 2
Running: ozu4lyvm.exe; Driver: C:\Users\PAULDU~1\AppData\Local\Temp\uwrdqpod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82B54D88]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82B54DB2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82B54D9E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82B54D74]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8246B9D2 5 Bytes JMP 82B54D78 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82630DA3 5 Bytes JMP 82B54DB6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 826504FA 7 Bytes JMP 82B54D8C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 826507BD 5 Bytes JMP 82B54DA2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? System32\Drivers\uteajs.sys A device attached to the system is not functioning. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[776] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00F50000
.text C:\Windows\system32\services.exe[776] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00F50FD1
.text C:\Windows\system32\services.exe[776] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00F50011
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00E50F5E
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00E500A4
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00E50F28
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00E50F39
.text C:\Windows\system32\services.exe[776] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00E5007F
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00E50011
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00E5002C
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00E50F6F
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00E5006E
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00E50FC0
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00E50FA5
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00E5003D
.text C:\Windows\system32\services.exe[776] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00E50F8A
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00E500D0
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00E50000
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00E50FEF
.text C:\Windows\system32\services.exe[776] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00E500BF
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00FC004A
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00FC0FA8
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00FC0000
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00FC0039
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00FC0F8D
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00FC0FD4
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00FC0FE5
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00FC0FC3
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00F70038
.text C:\Windows\system32\services.exe[776] msvcrt.dll!system 76C4804B 5 Bytes JMP 00F70027
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00F7000C
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00F70FEF
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00F70FB7
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00F70FDE
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00F60000
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00F60FE5
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00F60FCA
.text C:\Windows\system32\services.exe[776] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00F60FB9
.text C:\Windows\system32\services.exe[776] WS2_32.dll!socket 777536D1 5 Bytes JMP 00FD0000
.text C:\Windows\system32\lsass.exe[800] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00D70FE5
.text C:\Windows\system32\lsass.exe[800] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00D70FCA
.text C:\Windows\system32\lsass.exe[800] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00D70000
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 008D0F3F
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 008D0F50
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 008D0F09
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 008D0F1A
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 008D0F7C
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 008D0FC3
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 008D0FB2
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 008D0F61
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 008D0F97
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 008D0039
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 008D004A
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 008D001E
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 008D0071
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 008D00BB
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 008D0FDE
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 008D00A0
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00DA005B
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00DA0FC3
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00DA0000
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00DA004A
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00DA0076
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00DA001B
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00DA0FEF
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00DA0FD4
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00D90F9E
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!system 76C4804B 5 Bytes JMP 00D90FB9
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_creat 76C4BBE1 1 Byte [E9]
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00D90FE5
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00D9000C
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00D90FD4
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00D9001D
.text C:\Windows\system32\lsass.exe[800] WS2_32.dll!socket 777536D1 5 Bytes JMP 00DB0000
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00D80000
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00D80FE5
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00D80FD4
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00D80FC3
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00760000
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00760FD4
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00760FE5
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 002D0F5C
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 002D0F6D
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 002D0F26
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 002D00BD
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 002D0073
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 002D0FC0
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 002D0011
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 002D0F88
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 002D0062
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 002D003D
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 002D0FA5
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 002D002C
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 002D0098
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 002D00D8
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 002D0000
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 002D0FE5
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 002D0F41
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 009D0047
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!system 76C4804B 5 Bytes JMP 009D0036
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 009D0FC6
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_open 76C4D106 5 Bytes JMP 009D0FE3
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 009D0011
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 009D0000
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 009E0FA8
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 009E0040
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 009E0FB9
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 009E0065
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 009E001B
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 009E0FE5
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 009E0FD4
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00770000
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00770FE5
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00770011
.text C:\Windows\system32\svchost.exe[1008] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00770022
.text C:\Windows\system32\svchost.exe[1008] WS2_32.dll!socket 777536D1 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00770FE5
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00770FB9
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00770FD4
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00760F3A
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00760080
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 007600B6
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 0076009B
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00760F66
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00760FDB
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00760FCA
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00760F55
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00760F77
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00760040
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00760F9E
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00760FB9
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 0076005B
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00760EFA
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00760011
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00760000
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00760F29
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 009E0049
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!system 76C4804B 5 Bytes JMP 009E0FBE
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 009E002E
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_open 76C4D106 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 009E0FD9
.text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 009E001D
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 009F0FA5
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 009F0FC0
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 009F0047
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 009F0062
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 009F0FE5
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 009F0011
.text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 009F002C
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 0078000A
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0078001B
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00780FEF
.text C:\Windows\system32\svchost.exe[1084] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00780FDE
.text C:\Windows\system32\svchost.exe[1084] WS2_32.dll!socket 777536D1 5 Bytes JMP 00A00FEF
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 0127000A
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 01270036
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 01270025
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 01260F33
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 01260F44
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 012600A5
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 01260F0E
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 01260040
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 01260FD4
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 01260025
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 01260F55
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 01260F66
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 01260F94
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 01260F83
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 01260FAF
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 01260065
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 012600C0
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 0126000A
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 01260FE5
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 01260094
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 0129002E
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!system 76C4804B 5 Bytes JMP 01290FAD
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 01290FD9
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_open 76C4D106 5 Bytes JMP 01290000
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 01290FC8
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 01290011
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 012F0062
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 012F0036
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 012F0000
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 012F0047
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 012F0073
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 012F0FE5
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 012F0011
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 012F0FCA
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 01280FEF
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0128000A
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 01280FCA
.text C:\Windows\System32\svchost.exe[1148] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 01280025
.text C:\Windows\System32\svchost.exe[1148] WS2_32.dll!socket 777536D1 5 Bytes JMP 01300FEF
.text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00EE0000
.text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00EE002C
.text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00EE0011
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00ED0091
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00ED0080
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00ED0F29
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00ED0F3A
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00ED0F66
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00ED0FD4
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00ED0FC3
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00ED0F55
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00ED0040
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00ED0F8D
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00ED002F
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00ED0FA8
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00ED0065
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00ED00E5
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00ED000A
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00ED0FE5
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00ED00B6
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00F10F94
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!system 76C4804B 5 Bytes JMP 00F10029
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00F10FDE
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00F1000C
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00F10FC3
.text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00F10FEF
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00F6005B
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00F60040
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00F60FE5
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00F60FB9
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00F60076
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00F6001B
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00F6000A
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00F60FCA
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00F00FEF
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00F00FCA
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00F00FB9
.text C:\Windows\System32\svchost.exe[1284] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00F00FA8
.text C:\Windows\System32\svchost.exe[1284] WS2_32.dll!socket 777536D1 5 Bytes JMP 00FF0FEF
.text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00E30000
.text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00E30FE5
.text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00E30025
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00E20F65
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00E200B5
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00E200D0
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00E20F2F
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00E2006E
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00E20FD4
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00E20025
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00E2009A
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00E20F94
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00E20047
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00E20FA5
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00E20036
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00E2007F
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00E20F1E
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00E20FE5
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00E20000
.text C:\Windows\System32\svchost.exe[1308] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00E20F4A
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00E5003D
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!system 76C4804B 5 Bytes JMP 00E50FB2
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00E50018
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00E50FEF
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00E50FC3
.text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 00E50FDE
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00E70F94
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00E70FB6
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00E70000
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00E70FA5
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00E70F79
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00E70022
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00E70011
.text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00E70FD1
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00E40FE5
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00E40000
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00E4001B
.text C:\Windows\System32\svchost.exe[1308] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00E40036
.text C:\Windows\System32\svchost.exe[1308] WS2_32.dll!socket 777536D1 5 Bytes JMP 00EC0000
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1468] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 6AB89AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1468] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 6AB89A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00810FE5
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00810FB9
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00810FCA
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00010F80
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00010F91
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00010117
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00010106
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00010097
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00010022
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00010033
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 000100B2
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 0001007C
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00010FBD
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 0001005F
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00010044
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00010FA2
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00010F65
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00010011
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 000100EB
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 00840044
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!system 76C4804B 5 Bytes JMP 00840FC3
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 00840FD4
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_open 76C4D106 5 Bytes JMP 00840FEF
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 00840029
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 0084000C
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00020F9E
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00020036
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00020FEF
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00020FAF
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00020F83
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 0002000A
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00020FD4
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00020025
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 00820FE5
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 0082000A
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 0082001B
.text C:\Windows\system32\svchost.exe[1496] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00820FCA
.text C:\Windows\system32\svchost.exe[1496] WS2_32.dll!socket 777536D1 5 Bytes JMP 00850FEF
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00FF0FE5
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00FF000A
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00FF0FD4
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00F50096
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00F50F50
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00F500C2
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00F500A7
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00F50060
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00F5000A
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00F50FB9
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00F50F6B
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00F50F7C
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00F50F8D
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00F5002F
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00F50F9E
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00F5007B
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00F500D3
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00F50FD4
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00F50FEF
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00F50F35
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 01710038
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!system 76C4804B 5 Bytes JMP 01710027
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 01710FC1
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_open 76C4D106 5 Bytes JMP 01710FEF
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 01710016
.text C:\Windows\system32\svchost.exe[1640] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 01710FD2
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00FA0040
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00FA0FAF
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00FA0FEF
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00FA0F9E
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00FA0F83
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00FA000A
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00FA0FD4
.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00FA001B
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 01700FEF
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 01700014
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 01700FDE
.text C:\Windows\system32\svchost.exe[1640] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 01700039
.text C:\Windows\system32\svchost.exe[1640] WS2_32.dll!socket 777536D1 5 Bytes JMP 017A000A
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 00E5000A
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 00E50FEF
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 00E50025
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 009600A4
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00960F5E
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 009600BF
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 00960F28
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 00960F9B
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00960FDB
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00960FC0
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00960F6F
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00960069
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00960047
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00960058
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00960036
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 00960F80
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00960F0D
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00960011
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00960000
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00960F39
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 01A10FA8
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!system 76C4804B 5 Bytes JMP 01A10FB9
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 01A10033
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_open 76C4D106 5 Bytes JMP 01A10000
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 01A10FDE
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 01A10FEF
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 00980F6B
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 00980F8D
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 00980FEF
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 00980F7C
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 00980F5A
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 00980FB9
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 00980FD4
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 00980FA8
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 01A00FEF
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 01A00FDE
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 01A00014
.text C:\Windows\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 01A0002F
.text C:\Windows\system32\svchost.exe[1752] WS2_32.dll!socket 777536D1 5 Bytes JMP 01AE000A
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 007B0FEF
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 007B0FB9
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 007B0FD4
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 00790F3A
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 00790F4B
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 00790F15
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 007900B6
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 0079004A
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 00790FCD
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 00790028
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 00790080
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 00790F7C
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 00790FA8
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExA 76D494B4 5 Bytes JMP 00790F97
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryA 76D494DC 5 Bytes JMP 00790039
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!VirtualProtectEx 76D4DBDA 5 Bytes JMP 0079006F
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetProcAddress 76D6903B 5 Bytes JMP 00790F04
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateFileW 76D6AECB 5 Bytes JMP 00790FDE
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateFileA 76D6CE5F 5 Bytes JMP 00790FEF
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!WinExec 76DB5CF7 5 Bytes JMP 00790091
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wsystem 76C47F2F 5 Bytes JMP 02020064
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!system 76C4804B 5 Bytes JMP 02020049
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_creat 76C4BBE1 5 Bytes JMP 0202001D
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_open 76C4D106 5 Bytes JMP 02020000
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wcreat 76C4D326 5 Bytes JMP 02020038
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wopen 76C4D501 5 Bytes JMP 02020FE3
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExA 774039AB 5 Bytes JMP 007A0F9E
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyA 77403BA9 5 Bytes JMP 007A0036
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyA 774089C7 5 Bytes JMP 007A0FE5
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyW 7741391E 5 Bytes JMP 007A0FAF
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExW 774141F1 5 Bytes JMP 007A005B
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExA 77417C42 5 Bytes JMP 007A0FD4
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyW 7741E2B5 5 Bytes JMP 007A0000
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExW 77427BA1 5 Bytes JMP 007A0025
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenA 75CDD690 5 Bytes JMP 0078000A
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenW 75CDDB09 5 Bytes JMP 00780025
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenUrlA 75CDF3A4 5 Bytes JMP 00780FE5
.text C:\Windows\system32\svchost.exe[1972] WININET.dll!InternetOpenUrlW 75D26DDF 5 Bytes JMP 00780FD4
.text C:\Windows\system32\svchost.exe[1972] WS2_32.dll!socket 777536D1 5 Bytes JMP 02410FE5
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtCreateFile 776643D4 5 Bytes JMP 02B0000A
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtCreateProcess 77664494 5 Bytes JMP 02B00FEF
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtProtectVirtualMemory 77664D34 5 Bytes JMP 02B00025
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!NtWriteVirtualMemory 77665674 5 Bytes JMP 016B000A
.text C:\Windows\Explorer.EXE[2000] ntdll.dll!KiUserExceptionDispatcher 77665DC8 5 Bytes JMP 0169000A
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!GetStartupInfoW 76D21929 5 Bytes JMP 02790F7E
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!GetStartupInfoA 76D219C9 5 Bytes JMP 02790F99
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateProcessW 76D21BF3 5 Bytes JMP 027900F0
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateProcessA 76D21C28 5 Bytes JMP 027900D5
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!VirtualProtect 76D21DC3 5 Bytes JMP 027900A9
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateNamedPipeA 76D22EF5 5 Bytes JMP 02790036
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreateNamedPipeW 76D25C0C 5 Bytes JMP 02790051
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!CreatePipe 76D48E6E 5 Bytes JMP 027900C4
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryExW 76D49109 5 Bytes JMP 02790098
.text C:\Windows\Explorer.EXE[2000] kernel32.dll!LoadLibraryW 76D49362 5 Bytes JMP 02790FE5

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7421A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [741CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7424CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [741EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2000] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [6A82F3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[3252] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [002476E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[3252] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00247740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8770AF30

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] uteajs <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a08bb8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a08bb8@00249f841613 0x44 0x5D 0xF0 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\uteajs@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272a08bb8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272a08bb8@00249f841613 0x44 0x5D 0xF0 0x70 ...
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\uteajs@Group Boot Bus Extender
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...

---- EOF - GMER 1.0.15 ----


OTL:

OTL logfile created on: 29/08/2010 7:24:35 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Paul Dufresne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.13 Gb Total Space | 75.45 Gb Free Space | 20.78% Space Free | Partition Type: NTFS
Drive D: | 9.48 Gb Total Space | 1.34 Gb Free Space | 14.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 233.76 Gb Total Space | 126.95 Gb Free Space | 54.31% Space Free | Partition Type: NTFS
Drive L: | 465.76 Gb Total Space | 337.18 Gb Free Space | 72.39% Space Free | Partition Type: NTFS
Drive Y: | 249.71 Mb Total Space | 234.44 Mb Free Space | 93.88% Space Free | Partition Type: NTFS

Computer Name: GOLIATH
Current User Name: Paul Dufresne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Paul Dufresne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Paul Dufresne\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Users\Paul Dufresne\AppData\Local\TVersity\Media Server\web\admin\TVersity.exe ()
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\Paul Dufresne\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (TVersityMediaServer) -- C:\Users\Paul Dufresne\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\WINDOWS\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\WINDOWS\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (mfesmfk) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (VClone) -- C:\WINDOWS\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (MPFP) -- C:\WINDOWS\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\WINDOWS\System32\drivers\wsdprint.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\WINDOWS\System32\drivers\hidbatt.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (CVUVC) Cisco VT Camera II(UVC) -- C:\WINDOWS\System32\drivers\cvuvc.sys (Logitech Inc.)
DRV - (cvpopflt) -- C:\WINDOWS\System32\drivers\cvpopflt.sys (Logitech Inc.)
DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\hsxhwbs2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\hsx_cnxt.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\hsx_dp.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\WINDOWS\System32\drivers\e1g60i32.sys (Intel Corporation)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\ps2.sys (Hewlett-Packard Company)
DRV - (MarvinBus) -- C:\WINDOWS\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {7E7165E2-0767-448c-852F-5FA8714F2C37}:1.0.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{48E4478E-19AB-4E05-8AC5-5153CF09C56F}: C:\Users\Paul Dufresne\AppData\Local\{48E4478E-19AB-4E05-8AC5-5153CF09C56F} [2010/08/19 00:47:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/20 09:07:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/20 09:02:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/19 09:58:08 | 000,000,000 | ---D | M]

[2010/03/30 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Extensions
[2010/03/30 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2010/08/29 18:37:30 | 000,000,000 | ---D | M] -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions
[2010/07/14 12:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/02/19 02:17:43 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/05/15 23:12:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/17 01:02:54 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2010/07/22 11:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/08/29 18:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/06/29 09:29:58 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/08/20 09:43:50 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/08/21 23:03:06 | 000,000,763 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100512175343.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program

#4 mpascal

mpascal

    Math Nerd



Posted 29 August 2010 - 07:29 PM

Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.



#5 prdufresne

prdufresne
  • Topic Starter


Posted 29 August 2010 - 11:20 PM


Here were the results from ComboFix. I'm not sure how to read the results, but it looks like it took care of something.

I can access Windows Update, so something has certainly changed.

ThanX!

ComboFix 10-08-28.02 - Paul Dufresne 29/08/2010 23:38:16.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3071.2187 [GMT -4:00]
Running from: c:\users\Paul Dufresne\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Pe
c:\program files\Pe\AEGAXS.dll
c:\program files\Pe\App.ico
c:\program files\Pe\BPData.dll
c:\program files\Pe\CNData.dll
c:\program files\Pe\Configs.xml
c:\program files\Pe\dnscache.dll
c:\program files\Pe\Framework.Controls.ProgressBar.dll
c:\program files\Pe\HId.dll
c:\program files\Pe\HuD.xml
c:\program files\Pe\HudMoveDLL.dll
c:\program files\Pe\ICSharpCode.SharpZipLib.dll
c:\program files\Pe\iexplore.exe
c:\program files\Pe\iexplore.exe.config
c:\program files\Pe\Interop.VXPLibrary.dll
c:\program files\Pe\Lib\accllistbar.dll
c:\program files\Pe\Lib\AxInterop.SHDocVw.dll
c:\program files\Pe\Lib\Infragistics.Shared.v3.2.dll
c:\program files\Pe\Lib\Infragistics.UltraChart.Core.v4.1.dll
c:\program files\Pe\Lib\Infragistics.UltraChart.Data.v4.1.dll
c:\program files\Pe\Lib\Infragistics.UltraChart.Render.v4.1.dll
c:\program files\Pe\Lib\Infragistics.UltraChart.Resources.v4.1.dll
c:\program files\Pe\Lib\Infragistics.Win.Misc.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinChart.v4.1.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinDock.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinEditors.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinListBar.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinTabControl.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinToolbars.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.v3.2.dll
c:\program files\Pe\Lib\Interop.SHDocVw.dll
c:\program files\Pe\Lib\MessageBoxExLib.dll
c:\program files\Pe\Lib\pecomm.dll
c:\program files\Pe\Lib\PokerHUD.dll
c:\program files\Pe\Lib\shellstyle.dll
c:\program files\Pe\Lib\xpexplorerbar.dll
c:\program files\Pe\License.txt
c:\program files\Pe\Lobby Edge\ICSharpCode.SharpZipLib.dll
c:\program files\Pe\Lobby Edge\if1.dll
c:\program files\Pe\Lobby Edge\if2.dll
c:\program files\Pe\Lobby Edge\if3.dll
c:\program files\Pe\Lobby Edge\if4.dll
c:\program files\Pe\Lobby Edge\Interop.VXPLibrary.dll
c:\program files\Pe\Lobby Edge\LobbyEdge.exe
c:\program files\Pe\Lobby Edge\LobbyEdge.exe.config
c:\program files\Pe\Lobby Edge\OpenerInterface.dll
c:\program files\Pe\Lobby Edge\rules.ini
c:\program files\Pe\Lobby Edge\SpHeader.dll
c:\program files\Pe\Lobby Edge\tfplugin_interface_library.dll
c:\program files\Pe\Lobby Edge\VXPLib.dll
c:\program files\Pe\Lobby Edge\XPExplorerBar.dll
c:\program files\Pe\log.txt
c:\program files\Pe\MNData.dll
c:\program files\Pe\Notes.xml
c:\program files\Pe\NTGA11X.dll
c:\program files\Pe\OGData.dll
c:\program files\Pe\OverlayDll.dll
c:\program files\Pe\PE4Hud.dll
c:\program files\Pe\PE4Hud2.dll
c:\program files\Pe\Readme.txt
c:\program files\Pe\Settings.xml
c:\program files\Pe\SitePathFinder.dll
c:\program files\Pe\TPData.dll
c:\program files\Pe\VXPLib.dll
c:\users\Paul Dufresne\AppData\Local\{48E4478E-19AB-4E05-8AC5-5153CF09C56F}
c:\users\Paul Dufresne\AppData\Local\{48E4478E-19AB-4E05-8AC5-5153CF09C56F}\chrome.manifest
c:\users\Paul Dufresne\AppData\Local\{48E4478E-19AB-4E05-8AC5-5153CF09C56F}\chrome\content\_cfg.js
c:\users\Paul Dufresne\AppData\Local\{48E4478E-19AB-4E05-8AC5-5153CF09C56F}\chrome\content\overlay.xul
c:\users\Paul Dufresne\AppData\Local\{48E4478E-19AB-4E05-8AC5-5153CF09C56F}\install.rdf
c:\users\Paul Dufresne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Paul Dufresne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\Paul Dufresne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\windows\system32\win.ini

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-30 03:51 . 2010-08-30 03:51 -------- d-----w- c:\users\Paul Dufresne\AppData\Local\temp
2010-08-30 03:51 . 2010-08-30 03:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-29 00:28 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-08-29 00:28 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-08-29 00:28 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-08-29 00:28 . 2010-08-29 00:28 -------- d-----w- c:\program files\eRightSoft
2010-08-23 17:28 . 2010-08-23 18:08 -------- d-----w- C:\TDSSKiller_Quarantine
2010-08-20 12:51 . 2010-08-20 12:51 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\Malwarebytes
2010-08-20 12:51 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 12:51 . 2010-08-20 12:51 -------- d-----w- c:\programdata\Malwarebytes
2010-08-20 12:51 . 2010-08-20 12:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-20 12:51 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-19 04:47 . 2010-08-19 13:51 120 ----a-w- c:\users\Paul Dufresne\AppData\Local\Blijumusetubeto.dat
2010-08-19 04:47 . 2010-08-19 04:47 0 ----a-w- c:\users\Paul Dufresne\AppData\Local\Rquqanawifuki.bin
2010-08-17 22:20 . 2010-08-19 05:00 -------- d-----w- c:\program files\GPSBabel
2010-08-11 18:24 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 18:24 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 18:24 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 18:24 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 18:24 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 18:24 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 18:24 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 18:24 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 18:24 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-07 15:10 . 2010-08-07 15:10 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\WinBatch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 03:35 . 2010-02-18 03:46 -------- d-----w- c:\programdata\NVIDIA
2010-08-30 03:33 . 2010-06-21 14:17 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-30 02:11 . 2010-02-18 03:49 91367 ----a-w- c:\programdata\nvModes.dat
2010-08-29 00:22 . 2010-01-08 03:38 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\CyberLink
2010-08-26 21:01 . 2009-12-17 05:01 -------- d-----w- c:\program files\Full Tilt Poker
2010-08-20 14:31 . 2010-02-24 16:34 -------- d-----w- c:\program files\Mixxx
2010-08-19 05:09 . 2009-12-16 02:39 -------- d-----w- c:\program files\Google
2010-08-19 04:45 . 2010-08-19 04:45 20 ----a-w- c:\users\Paul Dufresne\AppData\Roaming\bawuho.dat
2010-08-19 04:39 . 2009-12-16 01:00 2032 ----a-w- c:\users\Paul Dufresne\AppData\Local\d3d9caps.dat
2010-08-12 07:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-11 13:48 . 2010-03-03 21:25 1 ----a-w- c:\users\Paul Dufresne\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-09 17:51 . 2010-06-24 18:57 -------- d-----w- c:\programdata\DVD Shrink
2010-08-09 13:12 . 2009-12-26 02:26 -------- d-----w- c:\program files\Garmin
2010-08-07 15:15 . 2009-12-25 20:44 -------- d-----w- c:\programdata\LightScribe
2010-08-07 15:14 . 2007-12-07 03:59 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-08-07 15:13 . 2010-01-04 20:10 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\gtk-2.0
2010-07-27 18:27 . 2010-07-27 18:27 176836 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-21 12:33 . 2010-06-23 05:05 -------- d-----w- c:\program files\iTunes
2010-07-21 12:32 . 2010-07-21 12:32 -------- d-----w- c:\program files\iPod
2010-07-21 12:32 . 2009-12-17 21:56 -------- d-----w- c:\program files\Common Files\Apple
2010-07-21 12:27 . 2010-07-21 12:27 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-19 20:26 . 2010-03-16 18:06 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\vlc
2010-07-19 12:11 . 2009-12-26 03:47 -------- d-----w- c:\program files\TVersity Codec Pack
2010-07-09 17:39 . 2010-07-08 15:54 -------- d-----w- c:\programdata\NOS
2010-07-08 15:57 . 2007-12-07 04:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-08 15:54 . 2010-07-08 15:54 71680 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-07-05 19:36 . 2010-07-05 19:36 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-05 19:36 . 2010-07-05 19:36 -------- d-----w- c:\program files\DIFX
2010-07-05 19:36 . 2010-07-05 19:36 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-07-02 21:04 . 2009-12-26 03:59 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\GARMIN
2010-07-02 21:04 . 2009-12-26 03:41 -------- d-----w- c:\programdata\GARMIN
2010-07-02 13:01 . 2010-07-02 13:01 -------- d-----w- c:\program files\Playlist Creator 3.6.2
2010-07-02 01:28 . 2009-12-26 03:47 -------- d-----w- c:\program files\ffdshow
2010-07-01 01:59 . 2010-07-01 01:59 53632 ----a-w- c:\users\Paul Dufresne\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-01 01:59 . 2009-12-26 05:24 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-29 13:29 . 2010-06-29 13:29 28472 ----a-w- c:\programdata\WebEx\atgpcdec.dll
2010-06-29 13:29 . 2010-06-29 13:29 185224 ----a-w- c:\programdata\WebEx\atgpcext.dll
2010-06-26 06:05 . 2010-08-11 18:25 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 18:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 18:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 18:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\1934\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\1934\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\1934\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\1934\AcrobatUpdater.exe
2010-04-19 15:06 . 2010-04-19 15:06 630 ----a-w- c:\program files\RejoinCommandLine.txt
2010-04-27 21:16 . 2010-05-07 00:29 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-08-01 05:10 . 2009-12-16 00:57 22 --sha-w- c:\windows\SMINST\HPCD.SYS
2006-05-03 09:06 . 2010-08-29 00:28 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2010-08-29 00:28 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2010-08-29 00:28 216064 --sh--r- c:\windows\System32\nbDX.dll
2007-12-07 03:16 . 2007-12-07 03:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-13 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-10-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-10-01 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-10-01 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-16 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):36,e7,7b,1c,13,a4,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 135664]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-27 55456]
R3 cvpopflt;Cisco POP Suppression Filter;c:\windows\system32\DRIVERS\cvpopflt.sys [2007-05-09 1507104]
R3 CVUVC;Cisco VT Camera II(UVC);c:\windows\system32\DRIVERS\cvuvc.sys [2007-05-09 1924128]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-05-20 88176]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-12 240232]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-27 312616]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
*Deregistered* - uteajs

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 16:53]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 16:53]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKCU-Run-gStart - c:\program files\Garmin\gStart.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-29 23:51
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\PAULDU~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uteajs]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-29 23:53:58
ComboFix-quarantined-files.txt 2010-08-30 03:53

Pre-Run: 81,767,145,472 bytes free
Post-Run: 82,248,982,528 bytes free

- - End Of File - - 5895FA4491182DFF883B45EB61B9ABCC

#6 mpascal

Posted 29 August 2010 - 11:36 PM

Close any open browsers, and close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

CODE
File::
c:\users\Paul Dufresne\AppData\Local\Blijumusetubeto.dat
c:\users\Paul Dufresne\AppData\Local\Rquqanawifuki.bin

  • Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


#7 prdufresne

Posted 30 August 2010 - 12:12 AM


The latest log...

BTW: ComboFix keeps complaining that Norton Anti-Virus and Norton Anti-Spyware are running, but I uninstalled those a long time ago and replaced them with McAfee. I'm not sure why it thinks they're still there.

Anyway, here's the log:

ComboFix 10-08-28.02 - Paul Dufresne 30/08/2010 0:50.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3071.1785 [GMT -4:00]
Running from: c:\users\Paul Dufresne\Downloads\ComboFix.exe
Command switches used :: c:\users\Paul Dufresne\Downloads\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\users\Paul Dufresne\AppData\Local\Blijumusetubeto.dat"
"c:\users\Paul Dufresne\AppData\Local\Rquqanawifuki.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Paul Dufresne\AppData\Local\Blijumusetubeto.dat
c:\users\Paul Dufresne\AppData\Local\Rquqanawifuki.bin

.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-30 05:01 . 2010-08-30 05:01 -------- d-----w- c:\users\Paul Dufresne\AppData\Local\temp
2010-08-30 05:01 . 2010-08-30 05:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-30 05:01 . 2010-08-30 05:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-30 04:48 . 2010-08-30 04:49 -------- d-----w- C:\32788R22FWJFW
2010-08-30 04:31 . 2010-08-30 04:32 -------- d-----w- c:\windows\LastGood
2010-08-30 04:30 . 2010-08-30 04:30 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-29 00:28 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-08-29 00:28 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-08-29 00:28 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-08-29 00:28 . 2010-08-29 00:28 -------- d-----w- c:\program files\eRightSoft
2010-08-23 17:28 . 2010-08-23 18:08 -------- d-----w- C:\TDSSKiller_Quarantine
2010-08-20 12:51 . 2010-08-20 12:51 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\Malwarebytes
2010-08-20 12:51 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 12:51 . 2010-08-20 12:51 -------- d-----w- c:\programdata\Malwarebytes
2010-08-20 12:51 . 2010-08-20 12:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-20 12:51 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 22:20 . 2010-08-19 05:00 -------- d-----w- c:\program files\GPSBabel
2010-08-11 18:24 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 18:24 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 18:24 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 18:24 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 18:24 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 18:24 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 18:24 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 18:24 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 18:24 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-07 15:10 . 2010-08-07 15:10 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\WinBatch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 04:30 . 2010-02-18 03:46 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-30 04:30 . 2010-02-18 03:46 -------- d-----w- c:\programdata\NVIDIA
2010-08-30 03:54 . 2010-02-18 03:49 91367 ----a-w- c:\programdata\nvModes.dat
2010-08-30 03:33 . 2010-06-21 14:17 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-29 00:22 . 2010-01-08 03:38 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\CyberLink
2010-08-26 21:01 . 2009-12-17 05:01 -------- d-----w- c:\program files\Full Tilt Poker
2010-08-20 14:31 . 2010-02-24 16:34 -------- d-----w- c:\program files\Mixxx
2010-08-19 05:09 . 2009-12-16 02:39 -------- d-----w- c:\program files\Google
2010-08-19 04:45 . 2010-08-19 04:45 20 ----a-w- c:\users\Paul Dufresne\AppData\Roaming\bawuho.dat
2010-08-19 04:39 . 2009-12-16 01:00 2032 ----a-w- c:\users\Paul Dufresne\AppData\Local\d3d9caps.dat
2010-08-12 07:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-11 13:48 . 2010-03-03 21:25 1 ----a-w- c:\users\Paul Dufresne\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-09 17:51 . 2010-06-24 18:57 -------- d-----w- c:\programdata\DVD Shrink
2010-08-09 13:12 . 2009-12-26 02:26 -------- d-----w- c:\program files\Garmin
2010-08-07 15:15 . 2009-12-25 20:44 -------- d-----w- c:\programdata\LightScribe
2010-08-07 15:14 . 2007-12-07 03:59 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-08-07 15:13 . 2010-01-04 20:10 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\gtk-2.0
2010-07-27 18:27 . 2010-07-27 18:27 176836 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-21 12:33 . 2010-06-23 05:05 -------- d-----w- c:\program files\iTunes
2010-07-21 12:32 . 2010-07-21 12:32 -------- d-----w- c:\program files\iPod
2010-07-21 12:32 . 2009-12-17 21:56 -------- d-----w- c:\program files\Common Files\Apple
2010-07-21 12:27 . 2010-07-21 12:27 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-19 20:26 . 2010-03-16 18:06 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\vlc
2010-07-19 12:11 . 2009-12-26 03:47 -------- d-----w- c:\program files\TVersity Codec Pack
2010-07-09 20:37 . 2010-07-09 20:37 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 20:37 . 2010-07-09 20:37 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 20:37 . 2010-07-09 20:37 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 20:37 . 2010-07-09 20:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 17:39 . 2010-07-08 15:54 -------- d-----w- c:\programdata\NOS
2010-07-08 15:57 . 2007-12-07 04:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-08 15:54 . 2010-07-08 15:54 71680 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-07-05 19:36 . 2010-07-05 19:36 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-05 19:36 . 2010-07-05 19:36 -------- d-----w- c:\program files\DIFX
2010-07-05 19:36 . 2010-07-05 19:36 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-07-02 21:04 . 2009-12-26 03:59 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\GARMIN
2010-07-02 21:04 . 2009-12-26 03:41 -------- d-----w- c:\programdata\GARMIN
2010-07-02 13:01 . 2010-07-02 13:01 -------- d-----w- c:\program files\Playlist Creator 3.6.2
2010-07-02 01:28 . 2009-12-26 03:47 -------- d-----w- c:\program files\ffdshow
2010-07-01 01:59 . 2010-07-01 01:59 53632 ----a-w- c:\users\Paul Dufresne\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-01 01:59 . 2009-12-26 05:24 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-29 13:29 . 2010-06-29 13:29 28472 ----a-w- c:\programdata\WebEx\atgpcdec.dll
2010-06-29 13:29 . 2010-06-29 13:29 185224 ----a-w- c:\programdata\WebEx\atgpcext.dll
2010-06-26 06:05 . 2010-08-11 18:25 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 18:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 18:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 18:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\1934\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\1934\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\1934\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\1934\AcrobatUpdater.exe
2010-04-19 15:06 . 2010-04-19 15:06 630 ----a-w- c:\program files\RejoinCommandLine.txt
2010-04-27 21:16 . 2010-05-07 00:29 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-08-01 05:10 . 2009-12-16 00:57 22 --sha-w- c:\windows\SMINST\HPCD.SYS
2006-05-03 09:06 . 2010-08-29 00:28 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2010-08-29 00:28 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2010-08-29 00:28 216064 --sh--r- c:\windows\System32\nbDX.dll
2007-12-07 03:16 . 2007-12-07 03:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-08-30_03.51.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-10 09:37 . 2010-07-10 09:37 56936 c:\windows\System32\OpenCL.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 56936 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\OpenCL.dll
+ 2009-02-11 16:48 . 2009-02-11 16:48 45600 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\RtkCoInst.dll
+ 2008-09-25 12:49 . 2008-09-25 12:49 81920 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\AERTSrv.exe
+ 2008-09-25 12:52 . 2008-09-25 12:52 60416 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\AERTARen.dll
+ 2009-12-16 01:27 . 2010-08-30 04:31 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-16 01:27 . 2010-08-30 03:35 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-16 01:27 . 2010-08-30 04:31 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-16 01:27 . 2010-08-30 03:35 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-25 12:52 . 2008-09-25 12:52 60416 c:\windows\System32\AERTARen.dll
- 2009-12-16 04:31 . 2010-08-29 00:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-16 04:31 . 2010-08-30 03:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-16 04:31 . 2010-08-29 00:46 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-16 04:31 . 2010-08-30 03:35 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-16 04:31 . 2010-08-29 00:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-16 04:31 . 2010-08-30 03:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-30 04:32 . 2007-10-18 14:54 26112 c:\windows\LastGood\system32\RtkCoInst.dll
+ 2010-08-30 04:30 . 2010-08-30 04:30 10134 c:\windows\Installer\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}\ARPPRODUCTICON.exe
+ 2006-11-02 10:25 . 2010-08-30 04:32 86016 c:\windows\inf\infpub.dat
+ 2009-01-12 17:37 . 2009-01-12 17:37 282624 c:\windows\System32\RTPCEE32.dll
+ 2009-02-11 16:48 . 2009-02-11 16:48 998432 c:\windows\System32\RtkPgExt.dll
+ 2009-02-11 16:48 . 2009-02-11 16:48 326176 c:\windows\System32\RtkApoApi.dll
+ 2007-12-07 03:49 . 2009-02-11 16:48 137760 c:\windows\System32\RTCOM\RTLCPAPI.dll
+ 2009-02-11 16:48 . 2009-02-11 16:48 141856 c:\windows\System32\RTCOM\RtkCfg.dll
- 2006-11-02 10:33 . 2010-08-30 03:42 620432 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-08-30 04:34 620432 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-08-30 03:42 113138 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-08-30 04:34 113138 c:\windows\System32\perfc009.dat
+ 2010-07-10 09:37 . 2010-07-10 09:37 236136 c:\windows\System32\nvcod1922.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 236136 c:\windows\System32\nvcod.dll
+ 2009-12-16 01:49 . 2010-05-21 18:14 221568 c:\windows\System32\MpSigStub.exe
+ 2010-07-10 09:37 . 2010-07-10 09:37 604776 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\nvudisp.exe
+ 2010-07-10 09:37 . 2010-07-10 09:37 261268 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\nvdrsdb.bin
+ 2010-07-10 09:37 . 2010-07-10 09:37 314984 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\nvdecodemft.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 236136 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\nvcod.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 795104 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\dpinst.exe
+ 2010-07-10 09:37 . 2010-07-10 09:37 156264 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\dbInstaller.exe
+ 2007-07-25 05:33 . 2007-07-25 05:33 135168 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\SRSWOW.dll
+ 2006-12-13 06:30 . 2006-12-13 06:30 339968 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\SRSTSXT.dll
+ 2009-01-12 17:37 . 2009-01-12 17:37 282624 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\RTPCEE32.dll
+ 2009-02-11 16:48 . 2009-02-11 16:48 137760 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\RTLCPAPI.dll
+ 2009-02-11 16:48 . 2009-02-11 16:48 998432 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\RtkPgExt.dll
+ 2009-02-11 16:48 . 2009-02-11 16:48 141856 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\RtkCfg.dll
+ 2009-02-11 16:48 . 2009-02-11 16:48 326176 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\RtkApoApi.dll
+ 2008-10-08 08:56 . 2008-10-08 08:56 141312 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\AERTACap.dll
+ 2008-10-08 08:56 . 2008-10-08 08:56 141312 c:\windows\System32\AERTACap.dll
+ 2010-08-30 04:32 . 2007-10-17 15:27 582656 c:\windows\LastGood\system32\RtkPgExt.dll
+ 2010-08-30 04:32 . 2007-03-07 14:59 131072 c:\windows\LastGood\system32\RTCOM\RTLCPAPI.dll
+ 2010-08-30 04:32 . 2007-10-22 15:01 479232 c:\windows\LastGood\system32\RTCOM\RTCOMDLL.dll
+ 2010-08-30 04:30 . 2010-08-30 04:30 463360 c:\windows\Installer\32f7ae.msi
+ 2006-11-02 10:25 . 2010-08-30 04:32 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2010-07-05 19:36 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2010-08-30 04:32 143360 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2010-07-05 19:36 143360 c:\windows\inf\infstor.dat
- 2006-11-02 10:22 . 2010-08-12 16:59 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2010-08-30 04:28 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2007-12-07 03:49 . 2009-02-11 16:47 1030688 c:\windows\System32\RTCOM\RTCOMDLL.dll
+ 2008-10-31 14:51 . 2008-10-31 14:51 1314816 c:\windows\System32\PVSonyDll.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 5107816 c:\windows\System32\nvwgf2um.dll
+ 2010-02-18 03:45 . 2010-07-10 09:37 9818728 c:\windows\System32\nvd3dum.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 2892904 c:\windows\System32\nvcuvid.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 2506344 c:\windows\System32\nvcuvenc.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 4553832 c:\windows\System32\nvcuda.dll
+ 2010-02-18 03:45 . 2010-07-10 09:37 1625192 c:\windows\System32\nvapi.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 5107816 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\nvwgf2um.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 9818728 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\nvd3dum.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 2892904 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\nvcuvid.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 2506344 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\nvcuvenc.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 4553832 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\nvcuda.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 1625192 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\nvapi.dll
+ 2009-02-11 16:48 . 2009-02-11 16:48 1206816 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\RtlUpd.exe
+ 2009-02-11 16:38 . 2009-02-11 16:38 2324512 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\RTKVHDA.sys
+ 2009-02-11 16:48 . 2009-02-11 16:48 2523680 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\RtkAPO.dll
+ 2009-02-11 16:48 . 2009-02-11 16:48 6724128 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\RtHDVCpl.exe
+ 2009-02-11 16:47 . 2009-02-11 16:47 1030688 c:\windows\System32\DriverStore\FileRepository\hdacpc.inf_bbee35d8\RTCOMDLL.dll
+ 2009-02-11 16:38 . 2009-02-11 16:38 2324512 c:\windows\System32\drivers\RTKVHDA.sys
+ 2009-12-16 01:27 . 2010-08-30 04:31 1048576 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-16 01:27 . 2010-08-30 03:35 1048576 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-30 04:32 . 2007-10-24 19:50 2101248 c:\windows\LastGood\system32\RtkAPO.dll
+ 2010-08-30 04:32 . 2007-10-25 14:26 2015192 c:\windows\LastGood\system32\drivers\RTKVHDA.sys
+ 2010-08-30 04:50 . 2010-08-30 04:50 6434816 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2010-07-10 09:37 . 2010-07-10 09:37 14092904 c:\windows\System32\nvoglv32.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 10267240 c:\windows\System32\nvcompiler.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 14092904 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\nvoglv32.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 11008040 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\nvlddmkm.sys
+ 2010-07-10 09:37 . 2010-07-10 09:37 50354424 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\NvCplSetupInt.exe
+ 2010-07-10 09:37 . 2010-07-10 09:37 10267240 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_330fccd6\nvcompiler.dll
+ 2010-07-10 09:37 . 2010-07-10 09:37 11008040 c:\windows\System32\drivers\nvlddmkm.sys
+ 2009-12-21 08:00 . 2010-08-30 04:28 316427781 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-13 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-10-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-10-01 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-10-01 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-16 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):36,e7,7b,1c,13,a4,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 135664]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-27 55456]
R3 cvpopflt;Cisco POP Suppression Filter;c:\windows\system32\DRIVERS\cvpopflt.sys [2007-05-09 1507104]
R3 CVUVC;Cisco VT Camera II(UVC);c:\windows\system32\DRIVERS\cvuvc.sys [2007-05-09 1924128]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-05-20 88176]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-27 312616]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
*Deregistered* - uteajs

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 16:53]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 16:53]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 01:01
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uteajs]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-30 01:04:21
ComboFix-quarantined-files.txt 2010-08-30 05:04
ComboFix2.txt 2010-08-30 03:53

Pre-Run: 81,867,501,568 bytes free
Post-Run: 81,826,320,384 bytes free

- - End Of File - - 4C6AF33456F2BABC778C87E911303EAD


#8 mpascal

Posted 30 August 2010 - 12:35 AM

Hi there,

Don't worry about the Norton warnings, CF just thinks it's there.

Close any open browsers, and close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

CODE
Driver::
uteajs
  • Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#9 prdufresne


Posted 30 August 2010 - 07:38 AM

Latest log...

ComboFix 10-08-28.02 - Paul Dufresne 30/08/2010 1:56.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3071.1943 [GMT -4:00]
Running from: c:\users\Paul Dufresne\Downloads\ComboFix.exe
Command switches used :: c:\users\Paul Dufresne\Downloads\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UTEAJS
-------\Service_uteajs


((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-30 06:08 . 2010-08-30 06:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-30 06:08 . 2010-08-30 06:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-30 05:04 . 2010-08-30 12:12 -------- d-----w- c:\users\Paul Dufresne\AppData\Local\temp
2010-08-30 04:30 . 2010-08-30 04:30 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-29 00:28 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-08-29 00:28 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-08-29 00:28 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-08-29 00:28 . 2010-08-29 00:28 -------- d-----w- c:\program files\eRightSoft
2010-08-23 17:28 . 2010-08-23 18:08 -------- d-----w- C:\TDSSKiller_Quarantine
2010-08-20 12:51 . 2010-08-20 12:51 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\Malwarebytes
2010-08-20 12:51 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 12:51 . 2010-08-20 12:51 -------- d-----w- c:\programdata\Malwarebytes
2010-08-20 12:51 . 2010-08-20 12:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-20 12:51 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-19 04:45 . 2010-08-30 06:09 757760 ----a-w- c:\windows\system32\drivers\uteajs.sys
2010-08-17 22:20 . 2010-08-19 05:00 -------- d-----w- c:\program files\GPSBabel
2010-08-11 18:24 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 18:24 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 18:24 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 18:24 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 18:24 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 18:24 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 18:24 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 18:24 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 18:24 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-07 15:10 . 2010-08-07 15:10 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\WinBatch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 12:12 . 2010-02-18 03:49 37685 ----a-w- c:\programdata\nvModes.dat
2010-08-30 12:12 . 2010-02-18 03:46 -------- d-----w- c:\programdata\NVIDIA
2010-08-30 06:09 . 2010-06-21 14:17 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-30 04:30 . 2010-02-18 03:46 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-29 00:22 . 2010-01-08 03:38 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\CyberLink
2010-08-26 21:01 . 2009-12-17 05:01 -------- d-----w- c:\program files\Full Tilt Poker
2010-08-20 14:31 . 2010-02-24 16:34 -------- d-----w- c:\program files\Mixxx
2010-08-19 05:09 . 2009-12-16 02:39 -------- d-----w- c:\program files\Google
2010-08-19 04:45 . 2010-08-19 04:45 20 ----a-w- c:\users\Paul Dufresne\AppData\Roaming\bawuho.dat
2010-08-19 04:39 . 2009-12-16 01:00 2032 ----a-w- c:\users\Paul Dufresne\AppData\Local\d3d9caps.dat
2010-08-12 07:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-11 13:48 . 2010-03-03 21:25 1 ----a-w- c:\users\Paul Dufresne\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-09 17:51 . 2010-06-24 18:57 -------- d-----w- c:\programdata\DVD Shrink
2010-08-09 13:12 . 2009-12-26 02:26 -------- d-----w- c:\program files\Garmin
2010-08-07 15:15 . 2009-12-25 20:44 -------- d-----w- c:\programdata\LightScribe
2010-08-07 15:14 . 2007-12-07 03:59 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-08-07 15:13 . 2010-01-04 20:10 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\gtk-2.0
2010-07-27 18:27 . 2010-07-27 18:27 176836 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-21 12:33 . 2010-06-23 05:05 -------- d-----w- c:\program files\iTunes
2010-07-21 12:32 . 2010-07-21 12:32 -------- d-----w- c:\program files\iPod
2010-07-21 12:32 . 2009-12-17 21:56 -------- d-----w- c:\program files\Common Files\Apple
2010-07-21 12:27 . 2010-07-21 12:27 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-19 20:26 . 2010-03-16 18:06 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\vlc
2010-07-19 12:11 . 2009-12-26 03:47 -------- d-----w- c:\program files\TVersity Codec Pack
2010-07-09 20:37 . 2010-07-09 20:37 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 20:37 . 2010-07-09 20:37 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 20:37 . 2010-07-09 20:37 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 20:37 . 2010-07-09 20:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 17:39 . 2010-07-08 15:54 -------- d-----w- c:\programdata\NOS
2010-07-08 15:57 . 2007-12-07 04:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-08 15:54 . 2010-07-08 15:54 71680 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-07-05 19:36 . 2010-07-05 19:36 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-05 19:36 . 2010-07-05 19:36 -------- d-----w- c:\program files\DIFX
2010-07-05 19:36 . 2010-07-05 19:36 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-07-02 21:04 . 2009-12-26 03:59 -------- d-----w- c:\users\Paul Dufresne\AppData\Roaming\GARMIN
2010-07-02 21:04 . 2009-12-26 03:41 -------- d-----w- c:\programdata\GARMIN
2010-07-02 13:01 . 2010-07-02 13:01 -------- d-----w- c:\program files\Playlist Creator 3.6.2
2010-07-02 01:28 . 2009-12-26 03:47 -------- d-----w- c:\program files\ffdshow
2010-07-01 01:59 . 2010-07-01 01:59 53632 ----a-w- c:\users\Paul Dufresne\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-01 01:59 . 2009-12-26 05:24 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-29 13:29 . 2010-06-29 13:29 28472 ----a-w- c:\programdata\WebEx\atgpcdec.dll
2010-06-29 13:29 . 2010-06-29 13:29 185224 ----a-w- c:\programdata\WebEx\atgpcext.dll
2010-06-26 06:05 . 2010-08-11 18:25 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 18:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 18:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 18:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\1934\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\1934\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\1934\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\1934\AcrobatUpdater.exe
2010-04-19 15:06 . 2010-04-19 15:06 630 ----a-w- c:\program files\RejoinCommandLine.txt
2010-04-27 21:16 . 2010-05-07 00:29 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-08-01 05:10 . 2009-12-16 00:57 22 --sha-w- c:\windows\SMINST\HPCD.SYS
2006-05-03 09:06 . 2010-08-29 00:28 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2010-08-29 00:28 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2010-08-29 00:28 216064 --sh--r- c:\windows\System32\nbDX.dll
2007-12-07 03:16 . 2007-12-07 03:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-13 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-10-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-10-01 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-10-01 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-16 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):36,e7,7b,1c,13,a4,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 135664]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-27 55456]
R3 cvpopflt;Cisco POP Suppression Filter;c:\windows\system32\DRIVERS\cvpopflt.sys [2007-05-09 1507104]
R3 CVUVC;Cisco VT Camera II(UVC);c:\windows\system32\DRIVERS\cvuvc.sys [2007-05-09 1924128]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-05-20 88176]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-27 312616]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 16:53]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 16:53]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\users\Paul Dufresne\AppData\Roaming\Mozilla\Firefox\Profiles\5yq3h4h4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5556)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\users\Paul Dufresne\AppData\Local\TVersity\Media Server\MediaServer.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-30 08:17:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-30 12:17
ComboFix2.txt 2010-08-30 05:04
ComboFix3.txt 2010-08-30 03:53

Pre-Run: 81,907,507,200 bytes free
Post-Run: 81,691,328,512 bytes free

- - End Of File - - 17048C8D65A369CC505C1C59BBE12D74


#10 mpascal


Posted 30 August 2010 - 10:14 AM

Hi there,

Can you run GMER again for me, please?


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#11 prdufresne


Posted 30 August 2010 - 11:16 AM


I've tried running it 4 times, but it keeps giving me BSODs. I tried unchecking the "Devices" box, but it still crashes.

#12 mpascal


Posted 30 August 2010 - 11:40 AM

Can you try running it with just Services checked?



#13 prdufresne


Posted 30 August 2010 - 12:14 PM

I ran it with just Services selected. A message box popped up stating that no modifications to my system were found.

#14 mpascal


Posted 30 August 2010 - 12:23 PM

Hi there,

Okay that's what I wanted. :)

STEP 1 - TFC

Download TFC to your desktop.
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log



#15 prdufresne


Posted 30 August 2010 - 09:58 PM

Well, that last scan took a long time!

Here are the results.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4509

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

30/08/2010 1:43:59 PM
mbam-log-2010-08-30 (13-43-59).txt

Scan type: Quick scan
Objects scanned: 136194
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, August 30, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, August 30, 2010 11:53:42
Records in database: 4168557
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
L:\
Y:\
Z:\

Scan statistics:
Objects scanned: 368218
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 05:26:46


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\ndis.sys.vir Infected: Virus.Win32.TDSS.b 1
C:\System Recovery Files\C\Users\Paul Dufresne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\13b98886-2ce685aa Infected: Exploit.Java.Agent.f 1
C:\WINDOWS\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys Infected: Virus.Win32.TDSS.b 1





