Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

network connection keeps disappearing


  • This topic is locked This topic is locked
2 replies to this topic

#1 frog613

frog613

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 21 April 2011 - 11:49 PM

when i close my laptop and not power down i keep losing my network connection from my device manager. the only way i have found to get it back is to do a system restore.
when creating the DDS log i got the following error pop up.....Can't find script engine "VBSCRIPT" for script "C:\Users\Samantha\AppData\Local\Temp\MSGB.PIF".

also, my mcafee real-time scanning keeps turning off. that is fixed with the mcafee virtual technician.

ARK.TXT.....couldnt attach for some reason.....


GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-22 00:46:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HTS421280H9AT00 rev.HA3OA70S
Running: gmer.exe; Driver: C:\Users\Samantha\AppData\Local\Temp\agtyrkow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x860400B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x860400E2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x860400CE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x860400A4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82275982 5 Bytes JMP 860400A8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 8243B0D3 5 Bytes JMP 860400E6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8245A82A 7 Bytes JMP 860400BC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8245AAED 2 Bytes JMP 860400D2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection + 3 8245AAF0 2 Bytes [BE, 03]
? C:\Users\Samantha\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[692] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 005F0FEF
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 005F002F
.text C:\Windows\system32\services.exe[692] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 005F000A
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 00600F7A
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 006000C0
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 00600107
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 006000EC
.text C:\Windows\system32\services.exe[692] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 00600FA6
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 00600014
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 00600FCD
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 00600F95
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 00600080
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 00600054
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 0060006F
.text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 00600043
.text C:\Windows\system32\services.exe[692] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 006000A5
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 00600F5F
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 00600FDE
.text C:\Windows\system32\services.exe[692] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 00600FEF
.text C:\Windows\system32\services.exe[692] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 006000DB
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 007F0F80
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 007F0FAF
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 007F0000
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 007F002C
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 007F0F6F
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 007F0FE5
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 007F001B
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 007F0FC0
.text C:\Windows\system32\services.exe[692] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 00800049
.text C:\Windows\system32\services.exe[692] msvcrt.dll!system 765B804B 5 Bytes JMP 00800038
.text C:\Windows\system32\services.exe[692] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 00800FD2
.text C:\Windows\system32\services.exe[692] msvcrt.dll!_open 765BD106 5 Bytes JMP 00800FEF
.text C:\Windows\system32\services.exe[692] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 00800027
.text C:\Windows\system32\services.exe[692] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 0080000C
.text C:\Windows\system32\services.exe[692] WS2_32.dll!socket 77B136D1 5 Bytes JMP 00810000
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 001F0FB9
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 001F0FCA
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 00200F68
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 002000A4
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 00200F2B
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 00200F46
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 00200082
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 00200FDE
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 00200FC3
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 00200093
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 00200F9E
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 0020004A
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 0020005B
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 00200039
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 00200F8D
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 00200F10
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 00200014
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 00200FEF
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 00200F57
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 00210F83
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 00210025
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 00210000
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 00210F9E
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 00210F72
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 00210FD4
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 00210FE5
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 00210FB9
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wsystem 765B7F2F 1 Byte [E9]
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 00220033
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!system 765B804B 5 Bytes JMP 00220FA8
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 00220FDE
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_open 765BD106 5 Bytes JMP 0022000C
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 00220FB9
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 00220FEF
.text C:\Windows\system32\lsass.exe[708] WS2_32.dll!socket 77B136D1 5 Bytes JMP 00840000
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 001C0FDE
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 001D0069
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 001D0F23
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 001D0ED2
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 001D0EED
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 001D002C
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 001D0011
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 001D0FC0
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 001D004E
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 001D0F54
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 001D0F80
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 001D0F6F
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 001D0FA5
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 001D003D
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 001D007A
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 001D0FE5
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 001D0F08
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 00200FBE
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!system 765B804B 5 Bytes JMP 00200049
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 0020001D
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_open 765BD106 5 Bytes JMP 0020000C
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 00200038
.text C:\Windows\system32\svchost.exe[880] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 00200FEF
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 001F0FC0
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 001F0047
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 001F000A
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 001F0058
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 001F0FAF
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 001F0FE5
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 001F001B
.text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 001F0036
.text C:\Windows\system32\svchost.exe[880] WS2_32.dll!socket 77B136D1 5 Bytes JMP 00210FEF
.text C:\Windows\system32\svchost.exe[944] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 00110000
.text C:\Windows\system32\svchost.exe[944] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 00110FEF
.text C:\Windows\system32\svchost.exe[944] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 0011001B
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 001B0F6A
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 001B00B0
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 001B00DC
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 001B00CB
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 001B0084
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 001B0036
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 001B0047
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 001B0095
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 001B0073
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 001B0062
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 001B0FB6
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 001B0FDB
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 001B0F85
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 001B00F7
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 001B001B
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 001B0000
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 001B0F4F
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 001D0FB4
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!system 765B804B 5 Bytes JMP 001D003F
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 001D0FD9
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_open 765BD106 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 001D002E
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 001D001D
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 001C0036
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 001C0FA8
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 001C0025
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 001C0047
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 001C0FD4
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 001C000A
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 001C0FC3
.text C:\Windows\system32\svchost.exe[944] WS2_32.dll!socket 77B136D1 5 Bytes JMP 001F0000
.text C:\Windows\System32\svchost.exe[1092] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 00270FEF
.text C:\Windows\System32\svchost.exe[1092] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 00270FCA
.text C:\Windows\System32\svchost.exe[1092] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 00270000
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 001B0F94
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 001B00DA
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 001B011A
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 001B0F83
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 001B009A
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 001B0036
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 001B0051
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 001B0FA5
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 001B0FC0
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 001B0FDB
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 001B007D
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 001B0062
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 001B00B5
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetProcAddress 762A903B 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 001B013F
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 001B0011
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 001B0000
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 001B00F5
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 00BD0FC3
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!system 765B804B 5 Bytes JMP 00BD004E
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 00BD0FDE
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_open 765BD106 5 Bytes JMP 00BD0000
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 00BD003D
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 00BD0FEF
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 00280F9E
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 0028002F
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 00280FEF
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 00280040
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 00280F8D
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 0028001E
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 00280FDE
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 00280FCD
.text C:\Windows\System32\svchost.exe[1092] WS2_32.dll!socket 77B136D1 5 Bytes JMP 00BE0000
.text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 01030000
.text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 01030FCA
.text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 01030FE5
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 010200A2
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 01020F5C
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 01020F26
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 01020F41
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 01020073
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 01020FD4
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 0102002F
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 01020F6D
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 01020062
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 01020FB9
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 01020051
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 01020040
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 01020F88
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 01020F15
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 01020FE5
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 0102000A
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 010200B3
.text C:\Windows\System32\svchost.exe[1120] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 01490F90
.text C:\Windows\System32\svchost.exe[1120] msvcrt.dll!system 765B804B 5 Bytes JMP 01490FAB
.text C:\Windows\System32\svchost.exe[1120] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 01490FC6
.text C:\Windows\System32\svchost.exe[1120] msvcrt.dll!_open 765BD106 5 Bytes JMP 01490FE3
.text C:\Windows\System32\svchost.exe[1120] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 0149001B
.text C:\Windows\System32\svchost.exe[1120] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 01490000
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 01480036
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 01480F9E
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 0148000A
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 01480025
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 01480047
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 01480FD4
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 01480FEF
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 01480FB9
.text C:\Windows\System32\svchost.exe[1120] WS2_32.dll!socket 77B136D1 5 Bytes JMP 014E0FEF
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 008F0000
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 008F0FDB
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 008F001B
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 00850F4B
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 00850F66
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 00850F1F
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 008500AC
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 00850F92
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 00850FDE
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 00850039
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 00850F81
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 0085006C
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 0085005B
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 00850FB9
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 0085004A
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 00850091
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 008500D1
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 0085000A
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 00850FEF
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 00850F3A
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 00950064
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!system 765B804B 5 Bytes JMP 00950FD9
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 00950038
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_open 765BD106 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 00950053
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 0095001D
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 00900051
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 00900FAF
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 00900000
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 00900040
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 0090006C
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 00900FDB
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 00900011
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 00900FCA
.text C:\Windows\system32\svchost.exe[1136] WS2_32.dll!socket 77B136D1 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[1136] WININET.dll!InternetOpenA 77464E2B 5 Bytes JMP 01180FE5
.text C:\Windows\system32\svchost.exe[1136] WININET.dll!InternetOpenUrlA 7746BFCE 5 Bytes JMP 01180FC3
.text C:\Windows\system32\svchost.exe[1136] WININET.dll!InternetOpenW 7749C03E 5 Bytes JMP 01180FD4
.text C:\Windows\system32\svchost.exe[1136] WININET.dll!InternetOpenUrlW 774CD722 5 Bytes JMP 01180014
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 00160FE5
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 00160FCA
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 00160000
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 00150F54
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 0015009A
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 00150F0D
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 00150F1E
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 0015005D
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 00150FB9
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 0015000A
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 00150089
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 00150F83
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 00150025
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 00150036
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 00150F9E
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 0015006E
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 00150EE8
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 00150FCA
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 00150FEF
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 00150F39
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 00180FA3
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!system 765B804B 5 Bytes JMP 00180FBE
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 0018002E
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_open 765BD106 5 Bytes JMP 00180000
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 00180FD9
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 00180011
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 00170F83
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 00170F9E
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 00170FE5
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 0017001B
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 00170036
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 0017000A
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 00170FD4
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 00170FB9
.text C:\Windows\system32\svchost.exe[1240] WS2_32.dll!socket 77B136D1 5 Bytes JMP 00190000
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!NtCreateFile 779A4224 3 Bytes JMP 009B0000
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!NtCreateFile + 4 779A4228 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!NtCreateProcess 779A42E4 3 Bytes JMP 009B001B
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!NtCreateProcess + 4 779A42E8 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!NtProtectVirtualMemory 779A4B84 3 Bytes JMP 009B0FE5
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!NtProtectVirtualMemory + 4 779A4B88 1 Byte [89]
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 00820F6F
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 008200B5
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 00820F4D
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 008200DA
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 0082009A
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 00820FDB
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 0082002C
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 00820F94
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 00820FB6
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 00820058
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 00820073
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 00820047
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 00820FA5
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 008200FF
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 00820011
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 00820000
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 00820F5E
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 01450FBC
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!system 765B804B 5 Bytes JMP 0145003D
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 01450011
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_open 765BD106 5 Bytes JMP 01450000
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 01450022
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 01450FD7
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 00DB0025
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 00DB0FA8
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 00DB0FEF
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 00DB0F83
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 00DB0040
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 00DB000A
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 00DB0FDE
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 00DB0FB9
.text C:\Windows\system32\svchost.exe[1280] WS2_32.dll!socket 77B136D1 5 Bytes JMP 014E0000
.text C:\Windows\system32\svchost.exe[1280] WININET.dll!InternetOpenA 77464E2B 5 Bytes JMP 01400FEF
.text C:\Windows\system32\svchost.exe[1280] WININET.dll!InternetOpenUrlA 7746BFCE 5 Bytes JMP 01400FB9
.text C:\Windows\system32\svchost.exe[1280] WININET.dll!InternetOpenW 7749C03E 5 Bytes JMP 01400FD4
.text C:\Windows\system32\svchost.exe[1280] WININET.dll!InternetOpenUrlW 774CD722 5 Bytes JMP 0140000A
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 008A002F
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 008A000A
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 00890053
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 00890F0D
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 00890EC6
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 00890EE1
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 00890038
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 00890FCA
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 00890FB9
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 00890F28
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExW 76289109 3 Bytes JMP 00890F5E
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExW + 4 7628910D 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 00890F94
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 00890F79
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 0089001B
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 00890F43
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 00890EAB
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 00890FEF
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 0089000A
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 00890EF2
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 008C0FBC
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!system 765B804B 5 Bytes JMP 008C0FCD
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 008C0022
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_open 765BD106 5 Bytes JMP 008C0000
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 008C003D
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 008C0011
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 008B0051
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 008B002C
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 008B0FE5
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 008B0FA5
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 008B0062
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 008B0000
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 008B0FCA
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 008B001B
.text C:\Windows\system32\svchost.exe[1572] WS2_32.dll!socket 77B136D1 5 Bytes JMP 008D0FE5
.text C:\Windows\system32\svchost.exe[1580] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 00780FE5
.text C:\Windows\system32\svchost.exe[1580] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 00780FC3
.text C:\Windows\system32\svchost.exe[1580] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 00780FD4
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 00220F19
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 00220069
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 00220EDC
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 00220EF7
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 00220F63
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 00220FD4
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 00220FAF
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 00220F48
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 00220047
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 00220036
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 00220F94
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 00220025
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 00220058
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 00220ECB
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 00220000
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 00220FEF
.text C:\Windows\system32\svchost.exe[1580] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 00220F08
.text C:\Windows\system32\svchost.exe[1580] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 007E0FC3
.text C:\Windows\system32\svchost.exe[1580] msvcrt.dll!system 765B804B 5 Bytes JMP 007E0044
.text C:\Windows\system32\svchost.exe[1580] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 007E0033
.text C:\Windows\system32\svchost.exe[1580] msvcrt.dll!_open 765BD106 5 Bytes JMP 007E0000
.text C:\Windows\system32\svchost.exe[1580] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 007E0FD4
.text C:\Windows\system32\svchost.exe[1580] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 007E0FEF
.text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 00790047
.text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 0079002C
.text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 00790000
.text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 00790FAF
.text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 00790058
.text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 00790FCA
.text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 00790FE5
.text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 0079001B
.text C:\Windows\system32\svchost.exe[1580] WS2_32.dll!socket 77B136D1 5 Bytes JMP 0091000A
.text C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 00280000
.text C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 0028002C
.text C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 00280011
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 00210F7E
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 002100BA
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 00210F3E
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 002100D5
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 0021008E
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 0021002F
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 00210FD4
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 002100A9
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 00210073
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 00210051
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 00210062
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 00210040
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 00210F99
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 00210F23
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 00210FEF
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 00210000
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 00210F63
.text C:\Windows\system32\svchost.exe[1584] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 00740058
.text C:\Windows\system32\svchost.exe[1584] msvcrt.dll!system 765B804B 5 Bytes JMP 00740047
.text C:\Windows\system32\svchost.exe[1584] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 0074001B
.text C:\Windows\system32\svchost.exe[1584] msvcrt.dll!_open 765BD106 5 Bytes JMP 00740FE3
.text C:\Windows\system32\svchost.exe[1584] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 00740036
.text C:\Windows\system32\svchost.exe[1584] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 00740000
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 002B0051
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 002B002F
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 002B0FE5
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 002B0040
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 002B006C
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 002B000A
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 002B0FCA
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 002B0FB9
.text C:\Windows\system32\svchost.exe[1584] WS2_32.dll!socket 77B136D1 5 Bytes JMP 00750000
.text C:\Windows\system32\svchost.exe[1788] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 01620FEF
.text C:\Windows\system32\svchost.exe[1788] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 01620FCD
.text C:\Windows\system32\svchost.exe[1788] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 01620FDE
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 016100B7
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 016100A6
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 01610F3B
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 016100D2
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 01610069
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 01610022
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 01610FC7
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 01610095
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 01610F85
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 01610FAC
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 0161004E
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 0161003D
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 0161007A
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 01610F20
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 01610011
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 01610000
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 01610F56
.text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 01680F92
.text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!system 765B804B 5 Bytes JMP 01680FB7
.text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 01680FE3
.text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_open 765BD106 5 Bytes JMP 01680000
.text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 01680FD2
.text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 0168001D
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 01630040
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 01630FAF
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 01630000
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 01630F9E
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 01630065
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 01630FC0
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 01630FE5
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 0163001B
.text C:\Windows\system32\svchost.exe[1788] WS2_32.dll!socket 77B136D1 5 Bytes JMP 01690FE5
.text C:\Windows\System32\svchost.exe[1948] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[1948] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 00060022
.text C:\Windows\System32\svchost.exe[1948] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 00060011
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 00050F5F
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 000500AF
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 000500CA
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 00050F33
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 00050F95
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 00050FDE
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 00050FC3
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 00050F84
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 0005006F
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 00050054
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 00050FB2
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 0005002F
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 00050094
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 000500DB
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 00050014
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[1948] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 00050F44
.text C:\Windows\System32\svchost.exe[1948] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 00100FB2
.text C:\Windows\System32\svchost.exe[1948] msvcrt.dll!system 765B804B 5 Bytes JMP 0010003D
.text C:\Windows\System32\svchost.exe[1948] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 00100022
.text C:\Windows\System32\svchost.exe[1948] msvcrt.dll!_open 765BD106 5 Bytes JMP 00100000
.text C:\Windows\System32\svchost.exe[1948] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 00100FCD
.text C:\Windows\System32\svchost.exe[1948] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 00100011
.text C:\Windows\System32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 000F0F72
.text C:\Windows\System32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 000F0FA8
.text C:\Windows\System32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 000F0FEF
.text C:\Windows\System32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 000F0F8D
.text C:\Windows\System32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 000F0F57
.text C:\Windows\System32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 000F0FDE
.text C:\Windows\System32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 000F000A
.text C:\Windows\System32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 000F0FC3
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2036] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 70419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2036] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 70419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 00040022
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 00040011
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 00010F21
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 00010F3C
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 0001008C
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 00010EF5
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 00010F72
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 00010FC3
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 00010F4D
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 00010F83
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 0001002F
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 00010040
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 00010FA8
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 0001005D
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 00010EDA
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 0001000A
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 00010F06
.text C:\Windows\system32\svchost.exe[2524] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 0006005A
.text C:\Windows\system32\svchost.exe[2524] msvcrt.dll!system 765B804B 5 Bytes JMP 00060049
.text C:\Windows\system32\svchost.exe[2524] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 00060FE3
.text C:\Windows\system32\svchost.exe[2524] msvcrt.dll!_open 765BD106 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[2524] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 00060038
.text C:\Windows\system32\svchost.exe[2524] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 0006001D
.text C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 00070F86
.text C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 00070FA8
.text C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 00070F97
.text C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 00070F61
.text C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 00070FD4
.text C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 00070FE5
.text C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 00070FC3
.text C:\Windows\system32\svchost.exe[2524] WS2_32.dll!socket 77B136D1 5 Bytes JMP 00080000
.text C:\Windows\Explorer.EXE[2536] ntdll.dll!NtCreateFile 779A4224 5 Bytes JMP 008D0000
.text C:\Windows\Explorer.EXE[2536] ntdll.dll!NtCreateProcess 779A42E4 5 Bytes JMP 008D0036
.text C:\Windows\Explorer.EXE[2536] ntdll.dll!NtProtectVirtualMemory 779A4B84 5 Bytes JMP 008D001B
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!GetStartupInfoW 76261929 5 Bytes JMP 008B00B0
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!GetStartupInfoA 762619C9 5 Bytes JMP 008B009F
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!CreateProcessW 76261BF3 5 Bytes JMP 008B00D2
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!CreateProcessA 76261C28 5 Bytes JMP 008B00C1
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!VirtualProtect 76261DC3 5 Bytes JMP 008B0F8F
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!CreateNamedPipeA 76262EF5 5 Bytes JMP 008B001B
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!CreateNamedPipeW 76265C0C 5 Bytes JMP 008B002C
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!CreatePipe 76288E6E 5 Bytes JMP 008B0F74
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!LoadLibraryExW 76289109 5 Bytes JMP 008B0FA0
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!LoadLibraryW 76289362 5 Bytes JMP 008B0058
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!LoadLibraryExA 762894B4 5 Bytes JMP 008B0069
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!LoadLibraryA 762894DC 5 Bytes JMP 008B0047
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!VirtualProtectEx 7628DBDA 5 Bytes JMP 008B0084
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!GetProcAddress 762A903B 5 Bytes JMP 008B00E3
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!CreateFileW 762AAECB 5 Bytes JMP 008B0FE5
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!CreateFileA 762ACE5F 5 Bytes JMP 008B0000
.text C:\Windows\Explorer.EXE[2536] kernel32.dll!WinExec 762F5CF7 5 Bytes JMP 008B0F45
.text C:\Windows\Explorer.EXE[2536] ADVAPI32.dll!RegCreateKeyExA 764339AB 5 Bytes JMP 00900F7C
.text C:\Windows\Explorer.EXE[2536] ADVAPI32.dll!RegCreateKeyA 76433BA9 5 Bytes JMP 00900FA8
.text C:\Windows\Explorer.EXE[2536] ADVAPI32.dll!RegOpenKeyA 764389C7 5 Bytes JMP 00900FEF
.text C:\Windows\Explorer.EXE[2536] ADVAPI32.dll!RegCreateKeyW 7644391E 5 Bytes JMP 00900F8D
.text C:\Windows\Explorer.EXE[2536] ADVAPI32.dll!RegCreateKeyExW 764441F1 5 Bytes JMP 00900F6B
.text C:\Windows\Explorer.EXE[2536] ADVAPI32.dll!RegOpenKeyExA 76447C42 5 Bytes JMP 00900FB9
.text C:\Windows\Explorer.EXE[2536] ADVAPI32.dll!RegOpenKeyW 7644E2B5 5 Bytes JMP 00900FCA
.text C:\Windows\Explorer.EXE[2536] ADVAPI32.dll!RegOpenKeyExW 76457BA1 5 Bytes JMP 00900014
.text C:\Windows\Explorer.EXE[2536] msvcrt.dll!_wsystem 765B7F2F 5 Bytes JMP 00920FA1
.text C:\Windows\Explorer.EXE[2536] msvcrt.dll!system 765B804B 5 Bytes JMP 00920FBC
.text C:\Windows\Explorer.EXE[2536] msvcrt.dll!_creat 765BBBE1 5 Bytes JMP 00920FDE
.text C:\Windows\Explorer.EXE[2536] msvcrt.dll!_open 765BD106 5 Bytes JMP 00920000
.text C:\Windows\Explorer.EXE[2536] msvcrt.dll!_wcreat 765BD326 5 Bytes JMP 00920FCD
.text C:\Windows\Explorer.EXE[2536] msvcrt.dll!_wopen 765BD501 5 Bytes JMP 00920FEF
.text C:\Windows\Explorer.EXE[2536] WININET.dll!InternetOpenA 77464E2B 5 Bytes JMP 00910FEF
.text C:\Windows\Explorer.EXE[2536] WININET.dll!InternetOpenUrlA 7746BFCE 5 Bytes JMP 00910025
.text C:\Windows\Explorer.EXE[2536] WININET.dll!InternetOpenW 7749C03E 5 Bytes JMP 00910014
.text C:\Windows\Explorer.EXE[2536] WININET.dll!InternetOpenUrlW 774CD722 5 Bytes JMP 00910036
.text C:\Windows\Explorer.EXE[2536] WS2_32.dll!socket 77B136D1 5 Bytes JMP 027F000A
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtCreateFile + 6 779A422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtCreateFile + B 779A422F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtMapViewOfSection + 6 779A497A 1 Byte [28]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtMapViewOfSection + 6 779A497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtMapViewOfSection + B 779A497F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenFile + 6 779A4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenFile + B 779A4A0F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcess + 6 779A4A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcess + B 779A4A8F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcessToken + 6 779A4A9A 4 Bytes CALL 769A50A0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcessToken + B 779A4A9F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcessTokenEx + 6 779A4AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenProcessTokenEx + B 779A4AAF 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThread + 6 779A4AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThread + B 779A4AFF 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThreadToken + 6 779A4B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThreadToken + B 779A4B0F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThreadTokenEx + 6 779A4B1A 4 Bytes CALL 769A5121 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtOpenThreadTokenEx + B 779A4B1F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtQueryAttributesFile + 6 779A4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtQueryAttributesFile + B 779A4BAF 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtQueryFullAttributesFile + 6 779A4C5A 4 Bytes CALL 769A525F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtQueryFullAttributesFile + B 779A4C5F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtSetInformationFile + 6 779A513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtSetInformationFile + B 779A513F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtSetInformationThread + 6 779A518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtSetInformationThread + B 779A518F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtUnmapViewOfSection + 6 779A542A 1 Byte [68]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtUnmapViewOfSection + 6 779A542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[3844] ntdll.dll!NtUnmapViewOfSection + B 779A542F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtCreateFile + 6 779A422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtCreateFile + B 779A422F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtMapViewOfSection + 6 779A497A 1 Byte [28]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtMapViewOfSection + 6 779A497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtMapViewOfSection + B 779A497F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtOpenFile + 6 779A4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtOpenFile + B 779A4A0F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtOpenProcess + 6 779A4A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtOpenProcess + B 779A4A8F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtOpenProcessToken + 6 779A4A9A 4 Bytes CALL 769A50A0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtOpenProcessToken + B 779A4A9F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtOpenProcessTokenEx + 6 779A4AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtOpenProcessTokenEx + B 779A4AAF 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtOpenThread + 6 779A4AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtOpenThread + B 779A4AFF 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtOpenThreadToken + 6 779A4B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtOpenThreadToken + B 779A4B0F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtOpenThreadTokenEx + 6 779A4B1A 4 Bytes CALL 769A5121 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtOpenThreadTokenEx + B 779A4B1F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtQueryAttributesFile + 6 779A4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtQueryAttributesFile + B 779A4BAF 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtQueryFullAttributesFile + 6 779A4C5A 4 Bytes CALL 769A525F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtQueryFullAttributesFile + B 779A4C5F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtSetInformationFile + 6 779A513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtSetInformationFile + B 779A513F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtSetInformationThread + 6 779A518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtSetInformationThread + B 779A518F 1 Byte [E2]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtUnmapViewOfSection + 6 779A542A 1 Byte [68]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtUnmapViewOfSection + 6 779A542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe[5560] ntdll.dll!NtUnmapViewOfSection + B 779A542F 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

Attached Files



BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:01 PM

Posted 01 May 2011 - 04:13 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:01 PM

Posted 07 May 2011 - 10:22 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users