Slow Computer



#1 sgferr

Posted 13 February 2011 - 10:36 PM

The usual slow computer. Performed all of the other suggested things to do on this site (did help some). Here are my HijackThis log and Rootkit logs (attached and below). I appreciate whoever takes the time to look at these and make recommendations.

Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:12 PM, on 2/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Steve\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\L0DP6CWW\HijackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110212203518.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} (SESSearchCtrl Class) - file:///E:/data/index/ses_ocx/sessearch.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151471128986
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156659887515
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.medfordwomensclinic.com/Remote/msrdp.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://attwm.webex.com/client/T25L10NSP41EP2-shared-prod/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: slsService - Unknown owner - C:\Program Files\Merge eFilm\eFilm\slsService.exe
O23 - Service: UPnPService - Unknown owner - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 12770 bytes



GMER - Rootkit log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-13 19:33:55
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3250824AS rev.3.ADH
Running: gmer.exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\kwloapow.sys


---- System - GMER 1.0.15 ----

SSDT BA72664E ZwCreateKey
SSDT BA726644 ZwCreateThread
SSDT BA726653 ZwDeleteKey
SSDT BA72665D ZwDeleteValueKey
SSDT BA726662 ZwLoadKey
SSDT BA726630 ZwOpenProcess
SSDT BA726635 ZwOpenThread
SSDT BA72666C ZwReplaceKey
SSDT BA726667 ZwRestoreKey
SSDT BA726658 ZwSetValueKey

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9EAF184]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9EAF0CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9EAF0A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9EAF0B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9EAF112]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9EAF15A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9EAF1AE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9EAF19A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9EAF16E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B9EAF172 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B9EAF188 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B9EAF19E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP B9EAF15E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B9EAF0A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B9EAF0BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP B9EAF1B2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B9EAF116 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B9EAF0D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
init C:\WINDOWS\system32\drivers\sigfilt.sys entry point in "init" section [0xB0BCAF80]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[144] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02D20FEF
.text C:\WINDOWS\System32\svchost.exe[144] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02D20FDE
.text C:\WINDOWS\System32\svchost.exe[144] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02D2000A
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02D10000
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02D10F96
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02D1008B
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02D10070
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02D10FB3
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02D1004E
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02D10F5E
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02D10F7B
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02D100F0
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02D10F4D
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02D10F3C
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02D1005F
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02D10011
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02D100A6
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02D1003D
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02D1002C
.text C:\WINDOWS\System32\svchost.exe[144] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02D100CB
.text C:\WINDOWS\System32\svchost.exe[144] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02D70FB2
.text C:\WINDOWS\System32\svchost.exe[144] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02D70F8D
.text C:\WINDOWS\System32\svchost.exe[144] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02D70FC3
.text C:\WINDOWS\System32\svchost.exe[144] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02D70FD4
.text C:\WINDOWS\System32\svchost.exe[144] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02D7004A
.text C:\WINDOWS\System32\svchost.exe[144] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02D70FE5
.text C:\WINDOWS\System32\svchost.exe[144] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02D70039
.text C:\WINDOWS\System32\svchost.exe[144] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02D7001E
.text C:\WINDOWS\System32\svchost.exe[144] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02D60062
.text C:\WINDOWS\System32\svchost.exe[144] msvcrt.dll!system 77C293C7 5 Bytes JMP 02D60047
.text C:\WINDOWS\System32\svchost.exe[144] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02D60FDE
.text C:\WINDOWS\System32\svchost.exe[144] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02D60FEF
.text C:\WINDOWS\System32\svchost.exe[144] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02D60FCD
.text C:\WINDOWS\System32\svchost.exe[144] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02D60018
.text C:\WINDOWS\System32\svchost.exe[144] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02D50FE5
.text C:\WINDOWS\System32\svchost.exe[144] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02D40FEF
.text C:\WINDOWS\System32\svchost.exe[144] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02D4000A
.text C:\WINDOWS\System32\svchost.exe[144] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02D40FD4
.text C:\WINDOWS\System32\svchost.exe[144] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 02D40025
.text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00640040
.text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0064001B
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00630089
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00630F94
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0063006C
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0063005B
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00630FAF
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00630F68
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006300A4
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006300D5
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00630F3C
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006300E6
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00630040
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00630FCA
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00630F83
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0063001B
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00630F57
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660FE5
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0066006C
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0066002C
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0066001B
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00660FAF
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00660FCA
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [86, 88]
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00660051
.text C:\WINDOWS\system32\svchost.exe[252] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0065006B
.text C:\WINDOWS\system32\svchost.exe[252] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650050
.text C:\WINDOWS\system32\svchost.exe[252] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0065002E
.text C:\WINDOWS\system32\svchost.exe[252] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[252] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0065003F
.text C:\WINDOWS\system32\svchost.exe[252] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00790FEF
.text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00790000
.text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00790FCA
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780FEF
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00780F52
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780F6D
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00780F88
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780051
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00780FB9
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0078007D
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0078006C
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007800A9
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00780F1A
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007800BA
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780040
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0078000A
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00780F41
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00780FD4
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00780025
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0078008E
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007C0025
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007C0F97
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007C0FCA
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007C000A
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007C0FA8
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007C0FEF
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007C0FB9
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9C, 88]
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007C0036
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007B0F99
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!system 77C293C7 5 Bytes JMP 007B002E
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007B0FE3
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007B0000
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007B0FC8
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007B001D
.text C:\WINDOWS\system32\svchost.exe[416] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007A0FEF
.text C:\WINDOWS\system32\svchost.exe[492] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[492] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009E0014
.text C:\WINDOWS\system32\svchost.exe[492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009E0FDE
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009D0F70
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009D0065
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009D0054
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009D0F97
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009D0FC3
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009D008C
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009D0F44
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009D0F0E
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009D00A7
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009D00CC
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009D0FA8
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009D0FDE
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009D0F55
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009D002F
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009D0F1F
.text C:\WINDOWS\system32\svchost.exe[492] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A50036
.text C:\WINDOWS\system32\svchost.exe[492] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A50087
.text C:\WINDOWS\system32\svchost.exe[492] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A50025
.text C:\WINDOWS\system32\svchost.exe[492] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A5000A
.text C:\WINDOWS\system32\svchost.exe[492] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A5006C
.text C:\WINDOWS\system32\svchost.exe[492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\system32\svchost.exe[492] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A50051
.text C:\WINDOWS\system32\svchost.exe[492] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A50FCA
.text C:\WINDOWS\system32\svchost.exe[492] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A00FA8
.text C:\WINDOWS\system32\svchost.exe[492] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A00033
.text C:\WINDOWS\system32\svchost.exe[492] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A00FCD
.text C:\WINDOWS\system32\svchost.exe[492] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\svchost.exe[492] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A00022
.text C:\WINDOWS\system32\svchost.exe[492] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A00011
.text C:\WINDOWS\system32\svchost.exe[492] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009F0000
.text C:\WINDOWS\Explorer.EXE[828] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01560000
.text C:\WINDOWS\Explorer.EXE[828] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0156001B
.text C:\WINDOWS\Explorer.EXE[828] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01560FE5
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01500FEF
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0150007F
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01500064
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01500053
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01500036
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01500025
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01500F48
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01500090
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 015000BC
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 015000AB
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 015000E1
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01500F9E
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0150000A
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01500F6F
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01500FB9
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01500FCA
.text C:\WINDOWS\Explorer.EXE[828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01500F37
.text C:\WINDOWS\Explorer.EXE[828] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 014E0039
.text C:\WINDOWS\Explorer.EXE[828] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 014E0079
.text C:\WINDOWS\Explorer.EXE[828] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 014E0FDE
.text C:\WINDOWS\Explorer.EXE[828] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 014E0FEF
.text C:\WINDOWS\Explorer.EXE[828] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 014E0FBC
.text C:\WINDOWS\Explorer.EXE[828] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 014E000A
.text C:\WINDOWS\Explorer.EXE[828] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 014E0054
.text C:\WINDOWS\Explorer.EXE[828] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 014E0FCD
.text C:\WINDOWS\Explorer.EXE[828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01690FDE
.text C:\WINDOWS\Explorer.EXE[828] msvcrt.dll!system 77C293C7 5 Bytes JMP 01690069
.text C:\WINDOWS\Explorer.EXE[828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01690033
.text C:\WINDOWS\Explorer.EXE[828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0169000C
.text C:\WINDOWS\Explorer.EXE[828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0169004E
.text C:\WINDOWS\Explorer.EXE[828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01690FEF
.text C:\WINDOWS\Explorer.EXE[828] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01570FEF
.text C:\WINDOWS\Explorer.EXE[828] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01570FDE
.text C:\WINDOWS\Explorer.EXE[828] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0157000A
.text C:\WINDOWS\Explorer.EXE[828] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 01570FB9
.text C:\WINDOWS\Explorer.EXE[828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01680000
.text C:\WINDOWS\system32\spoolsv.exe[876] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00D76E60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00D78E20 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D75620 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!ReadFile 7C801812 5 Bytes JMP 00D76FD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D79020 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!CreateFileMappingW 7C80943C 1 Byte [E9]
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00D78A40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00D77B50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!OpenFileMappingW 7C80BB7A 5 Bytes JMP 00D78D00 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!DuplicateHandle 7C80DE9E 5 Bytes JMP 00D7A730 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00D78690 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!FindClose 7C80EE77 1 Byte [E9]
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!FindClose 7C80EE77 5 Bytes JMP 00D787A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 00D785A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!FindNextFileW 7C80EFDA 5 Bytes JMP 00D78880 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D79540 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 00D778E0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!GetFileSize 7C810B17 5 Bytes JMP 00D77810 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!SetFilePointer 7C810C2E 5 Bytes JMP 00D77580 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 00D77250 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!GetFileType 7C810EF1 5 Bytes JMP 00D77EC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00D77BD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!GetFileAttributesA 7C8115DC 5 Bytes JMP 00D77AD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!FlushFileBuffers 7C8126E1 5 Bytes JMP 00D77500 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!FindFirstFileA 7C813879 5 Bytes JMP 00D784B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00D776D0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00D7A130 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00D79A80 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00D79CA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!GetFileTime 7C831C4D 5 Bytes JMP 00D77CC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!SetFileTime 7C831CC0 5 Bytes JMP 00D77DC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00D78060 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00D781A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00D779B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!UnlockFile 7C8322EC 5 Bytes JMP 00D77FD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!LockFile 7C832391 5 Bytes JMP 00D77F40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!FindNextFileA 7C834EE1 5 Bytes JMP 00D78810 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!_hread 7C8353FE 5 Bytes JMP 00D782E0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!_llseek 7C835436 5 Bytes JMP 00D78420 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00D7A3A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!GetShortPathNameA 7C835BE0 5 Bytes JMP 00D788F0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00D79EC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!ReplaceFile 7C836C6C 5 Bytes JMP 00D7A630 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] kernel32.dll!_hwrite 7C838B17 5 Bytes JMP 00D78380 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00D76220 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00D75CA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 00D76050 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!GetPixel 77F1B74C 1 Byte [E9]
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00D75E50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00D75780 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00D75960 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!CopyEnhMetaFileW 77F270CC 5 Bytes JMP 00D76C50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!CopyMetaFileW 77F2C3ED 5 Bytes JMP 00D76A40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!CopyMetaFileA 77F2C52B 5 Bytes JMP 00D76610 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!GetMetaFileW 77F3853D 5 Bytes JMP 00D76820 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!GetEnhMetaFileW 77F397A3 5 Bytes JMP 00D76930 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!GetMetaFileA 77F44216 5 Bytes JMP 00D763F0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 00D7CDA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!StartDocA 77F45E79 5 Bytes JMP 00D7BDE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] GDI32.dll!GetEnhMetaFileA 77F4AE35 5 Bytes JMP 00D76500 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00D76190 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00D75B40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00D75C30 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] USER32.dll!PrintWindow 7E423810 5 Bytes JMP 00D76320 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 00D75BB0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[876] ole32.dll!DoDragDrop 775D0DBD 5 Bytes JMP 00D78F20 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\dllhost.exe[1000] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FEF
.text C:\WINDOWS\system32\dllhost.exe[1000] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090014
.text C:\WINDOWS\system32\dllhost.exe[1000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FDE
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B006C
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B005B
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0040
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F83
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0014
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00A4
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F5C
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F30
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00BF
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00EE
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0025
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0087
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FB2
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FCD
.text C:\WINDOWS\system32\dllhost.exe[1000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F41
.text C:\WINDOWS\system32\dllhost.exe[1000] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FD2
.text C:\WINDOWS\system32\dllhost.exe[1000] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\system32\dllhost.exe[1000] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A002E
.text C:\WINDOWS\system32\dllhost.exe[1000] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\dllhost.exe[1000] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0049
.text C:\WINDOWS\system32\dllhost.exe[1000] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A001D
.text C:\WINDOWS\system32\dllhost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0FC0
.text C:\WINDOWS\system32\dllhost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0058
.text C:\WINDOWS\system32\dllhost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0011
.text C:\WINDOWS\system32\dllhost.exe[1000] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FDB
.text C:\WINDOWS\system32\dllhost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0047
.text C:\WINDOWS\system32\dllhost.exe[1000] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\dllhost.exe[1000] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002B002C
.text C:\WINDOWS\system32\dllhost.exe[1000] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0FA5
.text C:\WINDOWS\system32\dllhost.exe[1000] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A80FEF
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA0FC3
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B90FB9
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B900AE
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B90FD4
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90091
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B9005B
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B90F81
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90FA8
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B90F66
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B900FF
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B90F55
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B9006C
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90025
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B900D3
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90040
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B900EE
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B80FCA
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B80062
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B80FDB
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B8001B
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B80051
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B80040
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B80FB9
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B7004E
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B7003D
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B70FD7
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B7002C
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B70011
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00920FCA
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0091006C
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0091005B
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00910040
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00910F83
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00910025
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00910F3A
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00910F4B
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00910EFD
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00910F0E
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00910EE2
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00910F9E
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00910FCA
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00910F5C
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00910014
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00910FB9
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00910F1F
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00900FC3
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00900F83
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00900FD4
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0090000A
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00900040
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00900025
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00900FA8
.text C:\WINDOWS\system32\svchost.exe[1220] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0FB7
.text C:\WINDOWS\system32\svchost.exe[1220] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF0038
.text C:\WINDOWS\system32\svchost.exe[1220] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0FD2
.text C:\WINDOWS\system32\svchost.exe[1220] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[1220] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0027
.text C:\WINDOWS\system32\svchost.exe[1220] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF0FE3
.text C:\WINDOWS\system32\svchost.exe[1220] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1220] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00930011
.text C:\WINDOWS\system32\svchost.exe[1220] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00930FE5
.text C:\WINDOWS\system32\svchost.exe[1220] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00930036
.text C:\WINDOWS\system32\svchost.exe[1220] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B90FE5
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B90FB9
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B90FD4
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80F77
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B80F88
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B80062
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80FA5
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B80FC0
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B80087
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80F3F
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B800BA
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B800A9
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B80F10
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B80047
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B80FDB
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B80F5C
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B8002C
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B80011
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B80098
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B70FC3
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B70F86
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B70FDE
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B70039
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B70F97
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D7, 88]
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B70FA8
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B60F89
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B60FA4
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B60FB5
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B60FE3
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B60014
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B60FD2
.text C:\WINDOWS\system32\services.exe[1392] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\system32\services.exe[1392] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DC0FD4
.text C:\WINDOWS\system32\services.exe[1392] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DC000A
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB0073
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DB0F7E
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB0058
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DB0047
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DB0025
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DB0F37
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DB0F52
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DB0EFA
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DB0F0B
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DB0EE9
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DB0036
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DB0FD4
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DB0F6D
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DB000A
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DB0FC3
.text C:\WINDOWS\system32\services.exe[1392] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DB0F1C
.text C:\WINDOWS\system32\services.exe[1392] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E30FD4
.text C:\WINDOWS\system32\services.exe[1392] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E30F8A
.text C:\WINDOWS\system32\services.exe[1392] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E30025
.text C:\WINDOWS\system32\services.exe[1392] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E30FE5
.text C:\WINDOWS\system32\services.exe[1392] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E30047
.text C:\WINDOWS\system32\services.exe[1392] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\services.exe[1392] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E30036
.text C:\WINDOWS\system32\services.exe[1392] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E30FB9
.text C:\WINDOWS\system32\services.exe[1392] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DE004C
.text C:\WINDOWS\system32\services.exe[1392] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DE0027
.text C:\WINDOWS\system32\services.exe[1392] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DE0FD2
.text C:\WINDOWS\system32\services.exe[1392] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\system32\services.exe[1392] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DE0FB7
.text C:\WINDOWS\system32\services.exe[1392] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DE000C
.text C:\WINDOWS\system32\services.exe[1392] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DD0FE5
.text C:\WINDOWS\system32\lsass.exe[1404] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\lsass.exe[1404] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C00025
.text C:\WINDOWS\system32\lsass.exe[1404] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF008E
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF007D
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF006C
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF005B
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0FB9
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF00B5
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0F6D
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF00D0
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0F2D
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF0F1C
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0040
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF0F7E
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\lsass.exe[1404] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF0F52
.text C:\WINDOWS\system32\lsass.exe[1404] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F50FA8
.text C:\WINDOWS\system32\lsass.exe[1404] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F50F7C
.text C:\WINDOWS\system32\lsass.exe[1404] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F50FC3
.text C:\WINDOWS\system32\lsass.exe[1404] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F50FD4
.text C:\WINDOWS\system32\lsass.exe[1404] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F50F8D
.text C:\WINDOWS\system32\lsass.exe[1404] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F50FE5
.text C:\WINDOWS\system32\lsass.exe[1404] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F50025
.text C:\WINDOWS\system32\lsass.exe[1404] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F50014
.text C:\WINDOWS\system32\lsass.exe[1404] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C20FC8
.text C:\WINDOWS\system32\lsass.exe[1404] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C20053
.text C:\WINDOWS\system32\lsass.exe[1404] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C2001D
.text C:\WINDOWS\system32\lsass.exe[1404] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\lsass.exe[1404] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C20038
.text C:\WINDOWS\system32\lsass.exe[1404] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C20FE3
.text C:\WINDOWS\system32\lsass.exe[1404] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AF0FE5
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AF0FC3
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AF0FD4
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AE0000
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AE0F7B
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AE0F96
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AE007A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AE005F
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AE004E
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AE00B7
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AE009C
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AE0F28
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AE0F39
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AE0F17
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AE0FC7
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AE0011
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AE008B
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AE003D
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AE0022
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AE0F54
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B20051
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B20098
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B20036
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B2001B
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B20FDB
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B20073
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B20062
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B10044
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B10033
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B10FDE
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B1000C
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B10FCD
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B10FEF
.text C:\WINDOWS\system32\svchost.exe[1664] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[1896] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\svchost.exe[1896] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C4001B
.text C:\WINDOWS\system32\svchost.exe[1896] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C40FE5
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C30082
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C30067
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C30F8D
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C30F9E
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C3002F
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C30F57
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C3009F
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C30F21
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C300C4
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C300DF
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C30040
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C30FE5
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C30F72
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C30FB9
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C30FD4
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C30F46
.text C:\WINDOWS\system32\svchost.exe[1896] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C70FCA
.text C:\WINDOWS\system32\svchost.exe[1896] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C70F8A
.text C:\WINDOWS\system32\svchost.exe[1896] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C70FE5
.text C:\WINDOWS\system32\svchost.exe[1896] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C7001B
.text C:\WINDOWS\system32\svchost.exe[1896] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C70047
.text C:\WINDOWS\system32\svchost.exe[1896] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C7000A
.text C:\WINDOWS\system32\svchost.exe[1896] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C70FA5
.text C:\WINDOWS\system32\svchost.exe[1896] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E7, 88] {OUT 0x88, EAX}
.text C:\WINDOWS\system32\svchost.exe[1896] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C7002C
.text C:\WINDOWS\system32\svchost.exe[1896] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C6007A
.text C:\WINDOWS\system32\svchost.exe[1896] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C60069
.text C:\WINDOWS\system32\svchost.exe[1896] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C60033
.text C:\WINDOWS\system32\svchost.exe[1896] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\svchost.exe[1896] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C60044
.text C:\WINDOWS\system32\svchost.exe[1896] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C6000C
.text C:\WINDOWS\system32\svchost.exe[1896] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\dllhost.exe[2492] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FE5
.text C:\WINDOWS\system32\dllhost.exe[2492] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FD4
.text C:\WINDOWS\system32\dllhost.exe[2492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090000
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F63
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0062
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0051
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F94
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B002F
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B007D
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F35
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F1A
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00B3
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F09
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0040
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F52
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FCA
.text C:\WINDOWS\system32\dllhost.exe[2492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0098
.text C:\WINDOWS\system32\dllhost.exe[2492] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F92
.text C:\WINDOWS\system32\dllhost.exe[2492] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FAD
.text C:\WINDOWS\system32\dllhost.exe[2492] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A001D
.text C:\WINDOWS\system32\dllhost.exe[2492] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\dllhost.exe[2492] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FC8
.text C:\WINDOWS\system32\dllhost.exe[2492] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\system32\dllhost.exe[2492] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B001B
.text C:\WINDOWS\system32\dllhost.exe[2492] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\dllhost.exe[2492] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0FD4
.text C:\WINDOWS\system32\dllhost.exe[2492] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FE5
.text C:\WINDOWS\system32\dllhost.exe[2492] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B005B
.text C:\WINDOWS\system32\dllhost.exe[2492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\dllhost.exe[2492] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002B0FAF
.text C:\WINDOWS\system32\dllhost.exe[2492] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4B, 88]
.text C:\WINDOWS\system32\dllhost.exe[2492] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0036
.text C:\WINDOWS\system32\dllhost.exe[2492] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A80FE5
.text C:\Program Files\Messenger\msmsgs.exe[3344] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FEF
.text C:\Program Files\Messenger\msmsgs.exe[3344] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090014
.text C:\Program Files\Messenger\msmsgs.exe[3344] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FDE
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001C0000
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001C0F94
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001C0089
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001C006C
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001C0FAF
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001C0FC0
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001C0F4D
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001C0F68
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001C0F21
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001C0F3C
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001C00CB
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001C0047
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001C0011
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001C0F83
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001C002C
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001C0FDB
.text C:\Program Files\Messenger\msmsgs.exe[3344] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001C00B0
.text C:\Program Files\Messenger\msmsgs.exe[3344] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B002E
.text C:\Program Files\Messenger\msmsgs.exe[3344] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B001D
.text C:\Program Files\Messenger\msmsgs.exe[3344] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B0FC8
.text C:\Program Files\Messenger\msmsgs.exe[3344] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0000
.text C:\Program Files\Messenger\msmsgs.exe[3344] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B0FAD
.text C:\Program Files\Messenger\msmsgs.exe[3344] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0FE3
.text C:\Program Files\Messenger\msmsgs.exe[3344] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002C0022
.text C:\Program Files\Messenger\msmsgs.exe[3344] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002C0047
.text C:\Program Files\Messenger\msmsgs.exe[3344] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002C0011
.text C:\Program Files\Messenger\msmsgs.exe[3344] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002C0000
.text C:\Program Files\Messenger\msmsgs.exe[3344] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002C0F94
.text C:\Program Files\Messenger\msmsgs.exe[3344] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002C0FE5
.text C:\Program Files\Messenger\msmsgs.exe[3344] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002C0FA5
.text C:\Program Files\Messenger\msmsgs.exe[3344] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4C, 88]
.text C:\Program Files\Messenger\msmsgs.exe[3344] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002C0FB6
.text C:\Program Files\Messenger\msmsgs.exe[3344] WS2_32.dll!socket 71AB4211 5 Bytes JMP 002D0FEF
.text C:\Program Files\Messenger\msmsgs.exe[3344] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002E0FE5
.text C:\Program Files\Messenger\msmsgs.exe[3344] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002E0FD4
.text C:\Program Files\Messenger\msmsgs.exe[3344] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002E0FB9
.text C:\Program Files\Messenger\msmsgs.exe[3344] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 002E0FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0015000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270000
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F7E
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270073
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270062
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270051
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270036
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F48
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F63
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F26
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F37
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270F15
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0027008E
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0027001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700AB
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360014
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F97
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360054
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360039
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0037004E
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370033
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0037000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01120FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01120FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01120014
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 01120025
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01190FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150025
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0015000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270000
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F6A
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0027005F
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0027004E
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270F91
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FB6
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270095
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270084
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F17
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F28
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270EFC
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0027003D
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270011
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270F59
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FC7
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270022
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700B0
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360051
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360011
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360040
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370038
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370027
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 009E0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 009E0014
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 009E0025
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 009E0040
.text C:\Program Files\Internet Explorer\iexplore.exe[3828] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00A30000

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)
Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device ACC8DD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal 0 bytes
File C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2011-02-journal 0 bytes
File C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal 0 bytes
File C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal 0 bytes
File C:\Documents and Settings\Steve\Local Settings\Temp\McTemp\MPF_subinfo.dat 3002 bytes
File C:\Documents and Settings\Steve\Local Settings\Temp\McTemp\MPS_subinfo.dat 3000 bytes
File C:\Documents and Settings\Steve\Local Settings\Temp\McTemp\MQS_subinfo.dat 3012 bytes
File C:\Documents and Settings\Steve\Local Settings\Temp\McTemp\MSAD_subinfo.dat 2998 bytes
File C:\Documents and Settings\Steve\Local Settings\Temp\McTemp\MSK_subinfo.dat 2984 bytes
File C:\Documents and Settings\Steve\Local Settings\Temp\McTemp\VSO_subinfo.dat 3020 bytes

---- EOF - GMER 1.0.15 ----



#2 etavares


    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 19 February 2011 - 11:27 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 etavares


    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 24 February 2011 - 06:51 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.


 




