
Help with Trojan Removal


  • This topic is locked
13 replies to this topic

#1 Chocmilk

Chocmilk

  • Members
  • 16 posts
  • Gender:Female
  • Location:USA
  • Local time:01:47 AM

Posted 03 March 2011 - 04:40 PM

I have McAfee Internet Security on my computer and when it does a full scan the results say I have:
Trojans: 1
Tracking Cookies: 412
Potentially Unwanted Programs: 15
I know nothing about computers, but want to learn at least enough to get me by. I have not figured out how to see exactly what these negative results are in my McAfee Security Center, or how to remove them without purchasing an expensive program. Any thoughts?

#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,127 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:47 AM

Posted 03 March 2011 - 04:54 PM

If you are asking for details on how to interpret/use the McAfee product, you need to read the HELP menus for that program.

If you are asking for general info re malware protection, then you should visit AV, Firewall, Privacy, Protection forum.

If the AV found a Trojan, it should be able to remove it. If you are saying that your AV cannot remove it, you need to state that clearly.

Louis

Edited by hamluis, 03 March 2011 - 04:55 PM.


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:03:47 AM

Posted 03 March 2011 - 04:56 PM

Hello, if you have the option to quarantine them do so.
I am moving this from XP to the Am I Infected forum.


I have not figured out how to see exactly what these negative results are in my McAfee Security Center, or how to remove them without purchasing an expensive program. Any thoughts?

Would need to see the log with their names to advise on this.


Let's get another scan. Everything I use will be free.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 Chocmilk

Posted 04 March 2011 - 10:17 PM

This is what I found with my first full scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5939

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/3/2011 5:08:36 AM
mbam-log-2011-03-03 (05-08-36).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 258012
Time elapsed: 1 hour(s), 15 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541} (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
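
Post #3 asks for the complete log, including the top portion with MBAM's database version and the operating system. As an added example (not part of the thread and not Malwarebytes code), this Python script checks a pasted MBAM 1.x log of the layout above for a complete header, for summary counts that match the itemized entries, and for items that were not removed; the function names `parse_mbam_log` and `review` are hypothetical and the sample log is constructed from lines in the post.

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.x layout shown in the post above
# (shortened; paths and detection names are copied from that log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5939

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 258012

Registry Keys Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541} (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Folders Infected: 3"
SECTION = re.compile(r"^([A-Za-z ]+ Infected):$")          # "Folders Infected:"
ITEM = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")         # object (name) -> ...
BAD_GOOD = re.compile(r"Bad: \((.*?)\) Good: \((.*?)\)")   # registry data items
HEADER = {
    "program_version": re.compile(r"^Malwarebytes' Anti-Malware (\S+)$"),
    "database_version": re.compile(r"^Database version: (\d+)$"),
    "os": re.compile(r"^(Windows \d.*)$"),
}
REMOVED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Split a pasted log into header fields, summary counts and items."""
    header = dict.fromkeys(HEADER)
    summary, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        for field, rx in HEADER.items():
            m = rx.match(line)
            if m and header[field] is None:
                header[field] = m.group(1)
        m = SUMMARY.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM.match(line) if section else None
        if m:
            obj, name, rest = m.groups()
            values = BAD_GOOD.search(rest)
            items.append({
                "section": section, "object": obj, "detection": name,
                # The action is the last "->" segment of the line.
                "action": rest.rsplit(" -> ", 1)[-1].rstrip("."),
                "bad_good": values.groups() if values else None,
            })
    return {"header": header, "summary": summary, "items": items}


def review(parsed):
    """Report what a helper would check before trusting the log."""
    itemized = Counter(i["section"] for i in parsed["items"])
    return {
        # Header fields absent: the top of the log was not pasted.
        "missing_header": [k for k, v in parsed["header"].items() if v is None],
        # (summary count, itemized count) pairs that disagree: log cut or edited.
        "count_mismatches": {c: (n, itemized[c])
                             for c, n in parsed["summary"].items()
                             if n != itemized[c]},
        "not_removed": [i["object"] for i in parsed["items"]
                        if i["action"] != REMOVED],
        # PUM = "potentially unwanted modification": a changed setting,
        # reported with the value found (Bad) and the expected one (Good).
        "setting_changes": [(i["object"], i["bad_good"])
                            for i in parsed["items"]
                            if i["detection"].startswith("PUM.")],
    }


if __name__ == "__main__":
    for key, value in review(parse_mbam_log(SAMPLE_LOG)).items():
        print(key, value)
```
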

#5 boopme

Posted 06 March 2011 - 06:30 PM

Hi, this was good, but I think we'll need two more scans here.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

NOTE: There have been reported problems with FireFox not loading pages properly after running ATF to clean the Firefox cache and download history. The glitch occurs if you have Firefox opened to Bleepingcomputer or other web sites while clearing the Firefox cache with ATF Cleaner. Close FF before running ATF. If ATF was run while the browser was open and OP reports problems, have them use FF itself afterwards to clear the cache.

From your regular user account.
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
Close all open browsers before using, especially FireFox. <-Important!!!
DO NOT run yet.
Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Now an online scan from Normal mode.
Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.

Please ask any needed questions, post 2 logs and let us know how the PC is running now.

#6 Chocmilk

Posted 07 March 2011 - 10:57 PM

This is what I found:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/07/2011 at 04:17 PM

Application Version : 4.49.1000

Core Rules Database Version : 6544
Trace Rules Database Version: 4356

Scan type : Complete Scan
Total Scan Time : 02:07:57

Memory items scanned : 282
Memory threats detected : 0
Registry items scanned : 7868
Registry threats detected : 4
File items scanned : 84482
File threats detected : 10

Adware.HotBar/ShopperReports (Low Risk)
HKU\S-1-5-21-1994958070-1825553831-3062478232-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
HKCR\CLSID\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}

Adware.CouponBar
HKU\S-1-5-21-1994958070-1825553831-3062478232-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{5BED3930-2E9E-76D8-BACC-80DF2188D455}
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
C:\WINDOWS\CPNPRT2.CID

MyWay Search Assistant Computers
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\SNAP\HIJACK_THIS\BACKUPS\BACKUP-20060209-155844-889.DLL

Adware.Tracking Cookie
2mdn.net [ C:\Documents and Settings\Jessie Adams\Application Data\Macromedia\Flash Player\#SharedObjects\BXSZWQW3 ]
interclick.com [ C:\Documents and Settings\Jessie Adams\Application Data\Macromedia\Flash Player\#SharedObjects\BXSZWQW3 ]
macromedia.com [ C:\Documents and Settings\Jessie Adams\Application Data\Macromedia\Flash Player\#SharedObjects\BXSZWQW3 ]
media.tattomedia.com [ C:\Documents and Settings\Jessie Adams\Application Data\Macromedia\Flash Player\#SharedObjects\BXSZWQW3 ]
oddcast.com [ C:\Documents and Settings\Jessie Adams\Application Data\Macromedia\Flash Player\#SharedObjects\BXSZWQW3 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Jessie Adams\Application Data\Macromedia\Flash Player\#SharedObjects\BXSZWQW3 ]
zedo.com [ C:\Documents and Settings\Jessie Adams\Application Data\Macromedia\Flash Player\#SharedObjects\BXSZWQW3 ]
interclick.com [ C:\Documents and Settings\Nick Westhoff\Application Data\Macromedia\Flash Player\#SharedObjects\UWH6BP8Y ]

I had some problems with the Eset Scan, when it got to the initialization part it said this:
unexpected error 101
Not sure what to do now?
Thanks

#7 boopme

Posted 07 March 2011 - 11:36 PM

Let's try this alternate.
Please run the F-Secure Online Scanner
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

#8 Chocmilk

Posted 10 March 2011 - 10:30 PM

Hi again. So I tried to run this scan and I got another error message:
Encountered an error, running with insufficient user right to scan all targets. error id:65
Also, I have lots of other error messages popping up when I turn on my computer.
1. vstskmgr.exe has encountered a problem and needs to close

2. windows- virtual memory minimum too low

3. Runtime Error, Program:c:\ProgramFiles\CommonFiles\is3\Anti-Spyware\SZServer.exe
(requested runtime to terminate in unusual way)

The third one has only happened once so far, but both the other ones happen on a regular basis.
Any advice...

#9 boopme

Posted 10 March 2011 - 11:06 PM

Hi, due to the instability here, I feel it best we try to approach this in a safer manner so we don't lose the machine.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#10 Chocmilk

Posted 14 March 2011 - 11:58 AM

Hi, ok so I did all that stuff. It seemed to all work well, but when Gmer got done it left me a message saying it found one rootkit. Don't think that is good... but not sure? (When I installed defogger and the instructions said it would ask me to restart my computer if it disables the drives, well it never did, don't know if that means anything or not but wanted to tell you.) I posted everything in the forum you told me to under, Rootkit problems, ran Gmer and found a rootkit. Thanks so much for the help!

#11 boopme

Posted 14 March 2011 - 12:09 PM

OK, yes that's what they will need to dig out. Be patient, it will be a couple days (backed up), but you WILL be answered.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

#12 boopme

Posted 14 March 2011 - 06:47 PM

I have reopened this for now. Do you have the GMER log and would you post it here?

#13 Chocmilk

Posted 14 March 2011 - 08:54 PM

Hi ok,
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-14 11:24:55
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-75JHC0 rev.06.01C06
Running: gmer.exe; Driver: C:\DOCUME~1\JESSIE~1\LOCALS~1\Temp\uxroapoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB1341620]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF785B0E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF785B0F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF785B120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF785B176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF785B0CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF785B0A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF785B0B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF785B10A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF785B14C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF785B136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF785B18C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF785B160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

? szkg.sys The system cannot find the file specified. !
? szkgfs.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF77BA760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9AD2F80]
? C:\DOCUME~1\JESSIE~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F55
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F66
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700C9
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700B8
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270F15
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270087
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270036
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270025
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F44
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F94
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360011
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!RegSetValueExW 77DDD767 7 Bytes JMP 04EB0610 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360051
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!RegSetValueExA 77DDEAE7 7 Bytes JMP 04EB0550 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00360036
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!RegSetValueA 77DFC79E 5 Bytes JMP 04EB03D0 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!RegSetValueW 77E36116 5 Bytes JMP 04EB0490 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 04EB07E0 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 04EB0B40 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 04EB0A50 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 04EB0960 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 04EB0CC0 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 04EAFAC0 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 04EB0DA0 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 04EAFC20 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370042
.text C:\Program Files\Internet Explorer\iexplore.exe[736] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FB7
.text C:\Program Files\Internet Explorer\iexplore.exe[736] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[736] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0037000C
.text C:\Program Files\Internet Explorer\iexplore.exe[736] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FC8
.text C:\Program Files\Internet Explorer\iexplore.exe[736] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0037001D
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 009E0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 009E0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 009E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 009E0FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00A20000
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270000
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F79
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270062
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270051
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002700CB
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002700B0
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F3C
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F4D
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700F0
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270040
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270089
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270025
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F68
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0036003D
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360FB6
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0036002C
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360011
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360073
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FC7
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0036004E
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 02EC07E0 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 02EC0B40 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 02EC0A50 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 02EC0960 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 02EC0CC0 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 02EBFAC0 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 02EC0DA0 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 02EBFC20 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[836] msvcrt.dll!system 77C293C7 5 Bytes JMP 0037004B
.text C:\Program Files\Internet Explorer\iexplore.exe[836] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370029
.text C:\Program Files\Internet Explorer\iexplore.exe[836] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[836] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0037003A
.text C:\Program Files\Internet Explorer\iexplore.exe[836] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0037000C
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 02062840 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 02062720 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 020629E0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 02062AE0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[836] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01190FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[836] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01190000
.text C:\Program Files\Internet Explorer\iexplore.exe[836] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01190FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[836] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 01190FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[836] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01EB0FEF
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00040FCA
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D10F97
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D10FA8
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D10FB9
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D10076
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D10FE5
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D10F75
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D10F86
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D10F3F
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D10F5A
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D10F2E
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D10FD4
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D1001B
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D100A7
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D10051
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D10036
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D100D8
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00070FA8
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0007005B
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0006005F
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060FD4
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060044
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060029
.text C:\WINDOWS\system32\services.exe[1052] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00ED0FB9
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00ED0FD4
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F10FEF
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F1006F
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F1004A
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F10F7C
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F10039
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F10FA8
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F1009B
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F10080
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F10F13
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F100B6
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F10F02
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F10F97
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F10FD4
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F10F5F
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F10FB9
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F1000A
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F10F2E
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F00FD4
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F00F8D
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F00025
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F00FE5
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F0004A
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F00FA8
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [10, 89]
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F00FB9
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EF0F7F
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EF0F9A
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EF0FC6
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EF0000
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EF0FB5
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EF0FD7
.text C:\WINDOWS\system32\lsass.exe[1064] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EE0000
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B30014
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B30FDE
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C70000
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C70F5C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C7005B
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C70F81
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C70F9E
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C70FCA
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C7008E
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C7007D
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C700A9
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C70F10
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C700C4
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C70FAF
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C7001B
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C7006C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C7002C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C70FE5
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C70F2B
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C60FB9
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C60F68
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C60FD4
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C6000A
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C6001B
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C60F79
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E6, 88] {OUT 0x88, AL}
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C60F94
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C50FA1
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C50FB2
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C5001B
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C5002C
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C50000
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270098
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F50
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700D5
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700C4
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270F21
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270051
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270087
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0027002F
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700B3
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F79
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0036000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360036
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00360025
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 03A207E0 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 03A20B40 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 058C9471 C:\Program Files\STOPzilla!\SZIEBHO.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 058C942B C:\Program Files\STOPzilla!\SZIEBHO.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 03A20A50 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 03A20960 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 03A20CC0 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 03A1FAC0 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 03A20DA0 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 03A1FC20 C:\Documents and Settings\Jessie Adams\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] msvcrt.dll!system 77C293C7 5 Bytes JMP 0037004E
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0037000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0037001D
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 02182840 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 02182720 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 021829E0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 02182AE0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0119000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01190FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0119001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 0119002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3132] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01EB0000
.text C:\WINDOWS\system32\dllhost.exe[3724] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FEF
.text C:\WINDOWS\system32\dllhost.exe[3724] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FAF
.text C:\WINDOWS\system32\dllhost.exe[3724] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FD4
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F7C
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0071
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0054
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0043
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FA8
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00B0
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B009F
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00D2
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F39
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00E3
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0F97
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FD4
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0082
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FC3
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0014
.text C:\WINDOWS\system32\dllhost.exe[3724] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00C1
.text C:\WINDOWS\system32\dllhost.exe[3724] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FA3
.text C:\WINDOWS\system32\dllhost.exe[3724] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FC8
.text C:\WINDOWS\system32\dllhost.exe[3724] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\system32\dllhost.exe[3724] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\dllhost.exe[3724] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0038
.text C:\WINDOWS\system32\dllhost.exe[3724] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0011
.text C:\WINDOWS\system32\dllhost.exe[3724] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0036
.text C:\WINDOWS\system32\dllhost.exe[3724] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0F94
.text C:\WINDOWS\system32\dllhost.exe[3724] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\dllhost.exe[3724] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\dllhost.exe[3724] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0FAF
.text C:\WINDOWS\system32\dllhost.exe[3724] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B000A
.text C:\WINDOWS\system32\dllhost.exe[3724] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002B0FCA
.text C:\WINDOWS\system32\dllhost.exe[3724] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4B, 88]
.text C:\WINDOWS\system32\dllhost.exe[3724] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0047
.text C:\WINDOWS\system32\dllhost.exe[3724] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A8000A
.text C:\WINDOWS\system32\dllhost.exe[3772] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
.text C:\WINDOWS\system32\dllhost.exe[3772] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0009002C
.text C:\WINDOWS\system32\dllhost.exe[3772] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090011
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B000A
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F6D
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F7E
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0058
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F9B
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0036
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F46
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B008E
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F13
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F24
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0EF8
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0047
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B007D
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FCA
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0025
.text C:\WINDOWS\system32\dllhost.exe[3772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F35
.text C:\WINDOWS\system32\dllhost.exe[3772] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FA3
.text C:\WINDOWS\system32\dllhost.exe[3772] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A002E
.text C:\WINDOWS\system32\dllhost.exe[3772] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A001D
.text C:\WINDOWS\system32\dllhost.exe[3772] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\dllhost.exe[3772] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FC8
.text C:\WINDOWS\system32\dllhost.exe[3772] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\system32\dllhost.exe[3772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B002C
.text C:\WINDOWS\system32\dllhost.exe[3772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0065
.text C:\WINDOWS\system32\dllhost.exe[3772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0FDB
.text C:\WINDOWS\system32\dllhost.exe[3772] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0011
.text C:\WINDOWS\system32\dllhost.exe[3772] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0F9E
.text C:\WINDOWS\system32\dllhost.exe[3772] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\dllhost.exe[3772] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002B0FAF
.text C:\WINDOWS\system32\dllhost.exe[3772] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4B, 88]
.text C:\WINDOWS\system32\dllhost.exe[3772] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0FC0
.text C:\WINDOWS\system32\dllhost.exe[3772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AC000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

Device \Driver\szkg5 \Device\MSProcess szkg.sys

AttachedDevice \FileSystem\Fastfat \Fat szkgfs.sys
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1296] 0x058C0000
Library C:\WINDOWS\system32\iS3Base5.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1296] 0x63100000
Library C:\WINDOWS\system32\iS3UI5.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1296] 0x64200000
Library C:\WINDOWS\system32\iS3HTUI5.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1296] 0x059D0000
Library C:\WINDOWS\system32\SZBase5.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1296] 0x65000000
Library C:\WINDOWS\system32\iS3Win325.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1296] 0x64400000
Library C:\WINDOWS\system32\iS3Svc5.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1296] 0x64100000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1296] 0x07370000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3132] 0x058C0000
Library C:\WINDOWS\system32\iS3Base5.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3132] 0x63100000
Library C:\WINDOWS\system32\iS3UI5.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3132] 0x64200000
Library C:\WINDOWS\system32\iS3HTUI5.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3132] 0x059D0000
Library C:\WINDOWS\system32\SZBase5.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3132] 0x65000000
Library C:\WINDOWS\system32\iS3Win325.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3132] 0x64400000
Library C:\WINDOWS\system32\iS3Svc5.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3132] 0x64100000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3132] 0x08DC0000

---- EOF - GMER 1.0.15 ----

#14 boopme

Posted 14 March 2011 - 09:14 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on, the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean. Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.