Keep seeing pop-ups for System Tool


  • This topic is locked
2 replies to this topic

#1 davedog

Posted 23 May 2011 - 09:03 AM

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-23 10:00:52
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.VBM2
Running: gmer.exe; Driver: C:\Users\stampn\AppData\Local\Temp\fxroapob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0x8BB7F68A]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x8BB7F5E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8BB7F5FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8BB7F612]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8BB7F6C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8BB7F64E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8BB7F69E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0x8BB7F676]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0x8BB7F662]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x8BB7F63A]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8BB7F626]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8BB7F6F7]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8BB7F6DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8BB7F6B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 83276138 5 Bytes JMP 8BB7F6B8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 8328E589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832B3092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 83445047 5 Bytes JMP 8BB7F652 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8349635E 5 Bytes JMP 8BB7F68E \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 834988E5 5 Bytes JMP 8BB7F62A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 834A12BC 5 Bytes JMP 8BB7F616 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 834AD01D 5 Bytes JMP 8BB7F6FB \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 834C71BC 5 Bytes JMP 8BB7F6E2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 834CA3B7 7 Bytes JMP 8BB7F6CC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 834CB121 7 Bytes JMP 8BB7F6A2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 834E1435 5 Bytes JMP 8BB7F666 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 834E85A2 5 Bytes JMP 8BB7F67A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 835262A9 5 Bytes JMP 8BB7F5EC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 835262F4 7 Bytes JMP 8BB7F600 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 835271B7 5 Bytes JMP 8BB7F63E \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE peauth.sys AD671BEC 111 Bytes [10, 49, EA, 24, 49, 1C, 3D, ...]
? C:\Users\stampn\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[552] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 003A0F32
.text C:\Windows\system32\services.exe[552] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 003A0087
.text C:\Windows\system32\services.exe[552] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 003A0076
.text C:\Windows\system32\services.exe[552] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 003A0FD4
.text C:\Windows\system32\services.exe[552] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 003A0F4D
.text C:\Windows\system32\services.exe[552] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 003A004A
.text C:\Windows\system32\services.exe[552] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 003A0F72
.text C:\Windows\system32\services.exe[552] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 003A0F8D
.text C:\Windows\system32\services.exe[552] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 003A000A
.text C:\Windows\system32\services.exe[552] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 003A0ED7
.text C:\Windows\system32\services.exe[552] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 003A0FC3
.text C:\Windows\system32\services.exe[552] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 003A0FA8
.text C:\Windows\system32\services.exe[552] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 003A0FEF
.text C:\Windows\system32\services.exe[552] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 003A0F17
.text C:\Windows\system32\services.exe[552] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 003A001B
.text C:\Windows\system32\services.exe[552] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 003A0EFC
.text C:\Windows\system32\services.exe[552] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 003A005B
.text C:\Windows\system32\services.exe[552] msvcrt.dll!_open 75D87E48 5 Bytes JMP 003B000C
.text C:\Windows\system32\services.exe[552] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 003B004B
.text C:\Windows\system32\services.exe[552] msvcrt.dll!system 75DBB16F 5 Bytes JMP 003B0FC0
.text C:\Windows\system32\services.exe[552] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 003B0029
.text C:\Windows\system32\services.exe[552] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 003B003A
.text C:\Windows\system32\services.exe[552] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 003B0FEF
.text C:\Windows\system32\services.exe[552] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 0040000A
.text C:\Windows\system32\services.exe[552] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 00400FC3
.text C:\Windows\system32\services.exe[552] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 00400FB2
.text C:\Windows\system32\services.exe[552] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 00400054
.text C:\Windows\system32\services.exe[552] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 00400025
.text C:\Windows\system32\services.exe[552] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 00400079
.text C:\Windows\system32\services.exe[552] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 00400FEF
.text C:\Windows\system32\services.exe[552] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 00400FDE
.text C:\Windows\system32\services.exe[552] WS2_32.dll!socket 758A3F00 5 Bytes JMP 00410FEF
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 001B0F79
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 001B00D8
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 001B0F43
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 001B001B
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 001B0F8A
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 001B007D
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 001B0062
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 001B0047
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 001B0FD4
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 001B0F28
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 001B0FB9
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 001B0036
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 001B0FE5
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 001B0F54
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 001B000A
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 001B00B3
.text C:\Windows\system32\lsass.exe[568] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 001B0098
.text C:\Windows\system32\lsass.exe[568] msvcrt.dll!_open 75D87E48 5 Bytes JMP 001C000C
.text C:\Windows\system32\lsass.exe[568] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 001C005D
.text C:\Windows\system32\lsass.exe[568] msvcrt.dll!system 75DBB16F 5 Bytes JMP 001C004C
.text C:\Windows\system32\lsass.exe[568] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 001C001D
.text C:\Windows\system32\lsass.exe[568] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 001C0FD2
.text C:\Windows\system32\lsass.exe[568] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 00610FE5
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 00610FA8
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 00610025
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 00610F83
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 00610FD4
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 00610F68
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 00610FB9
.text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 0061000A
.text C:\Windows\system32\lsass.exe[568] WS2_32.dll!socket 758A3F00 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 00420F3C
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 00420F10
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 00420F21
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 00420FD4
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 00420F4D
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00420F79
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00420051
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00420040
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00420FE5
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 00420EFF
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00420FAF
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00420F94
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00420000
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 0042008A
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 0042001B
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 0042009B
.text C:\Windows\system32\svchost.exe[720] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 00420F68
.text C:\Windows\system32\svchost.exe[720] msvcrt.dll!_open 75D87E48 5 Bytes JMP 00D10FEF
.text C:\Windows\system32\svchost.exe[720] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 00D10F95
.text C:\Windows\system32\svchost.exe[720] msvcrt.dll!system 75DBB16F 5 Bytes JMP 00D10FA6
.text C:\Windows\system32\svchost.exe[720] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 00D10FC1
.text C:\Windows\system32\svchost.exe[720] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 00D1000C
.text C:\Windows\system32\svchost.exe[720] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 00D10FDE
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 00D20000
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 00D20FC0
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 00D20F9B
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 00D2003D
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 00D20FE5
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 00D20F8A
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 00D20011
.text C:\Windows\system32\svchost.exe[720] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 00D2002C
.text C:\Windows\system32\svchost.exe[720] WS2_32.dll!socket 758A3F00 5 Bytes JMP 00410000
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 002A0F50
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 002A0EF8
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 002A0F09
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 002A0FA8
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 002A0F61
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 002A006F
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 002A0F8D
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 002A004A
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 002A0FD4
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 002A009E
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 002A001E
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 002A0039
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 002A0FEF
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 002A0F35
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateNamedPipeA 75C3D5BF 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 002A0FC3
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 002A0F1A
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 002A0F7C
.text C:\Windows\system32\svchost.exe[824] msvcrt.dll!_open 75D87E48 5 Bytes JMP 003F0000
.text C:\Windows\system32\svchost.exe[824] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 003F0F90
.text C:\Windows\system32\svchost.exe[824] msvcrt.dll!system 75DBB16F 5 Bytes JMP 003F001B
.text C:\Windows\system32\svchost.exe[824] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 003F0FC6
.text C:\Windows\system32\svchost.exe[824] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 003F0FB5
.text C:\Windows\system32\svchost.exe[824] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 003F0FE3
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 00400000
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 00400FC0
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 00400F94
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 00400FAF
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 00400011
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 00400051
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 00400FD1
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 0040002C
.text C:\Windows\system32\svchost.exe[824] WS2_32.dll!socket 758A3F00 5 Bytes JMP 00150000
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 00B700A9
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 00B700D8
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 00B70F39
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 00B7003D
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 00B70098
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00B70F8A
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00B70FA5
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00B70FB6
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00B7001B
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 00B70F1E
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00B70FD1
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00B7004E
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00B70000
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 00B70F5B
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 00B7002C
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 00B70F4A
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 00B7007D
.text C:\Windows\System32\svchost.exe[916] msvcrt.dll!_open 75D87E48 5 Bytes JMP 00B90000
.text C:\Windows\System32\svchost.exe[916] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 00B90038
.text C:\Windows\System32\svchost.exe[916] msvcrt.dll!system 75DBB16F 5 Bytes JMP 00B90FB7
.text C:\Windows\System32\svchost.exe[916] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 00B90FD2
.text C:\Windows\System32\svchost.exe[916] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 00B9001D
.text C:\Windows\System32\svchost.exe[916] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 00B90FE3
.text C:\Windows\System32\svchost.exe[916] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 00BA0FEF
.text C:\Windows\System32\svchost.exe[916] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 00BA0FBC
.text C:\Windows\System32\svchost.exe[916] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 00BA0F86
.text C:\Windows\System32\svchost.exe[916] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 00BA0F97
.text C:\Windows\System32\svchost.exe[916] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 00BA000A
.text C:\Windows\System32\svchost.exe[916] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 00BA0F75
.text C:\Windows\System32\svchost.exe[916] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 00BA0FDE
.text C:\Windows\System32\svchost.exe[916] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 00BA0FCD
.text C:\Windows\System32\svchost.exe[916] WS2_32.dll!socket 758A3F00 5 Bytes JMP 00B20000
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 00A00F4D
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 00A00F03
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 00A000A2
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 00A00FCA
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 00A00F5E
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00A00F79
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00A00047
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00A00F94
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00A0001B
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 00A00EF2
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00A00036
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00A00FAF
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00A00000
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 00A00F28
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 00A00FE5
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 00A00091
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 00A0006C
.text C:\Windows\System32\svchost.exe[956] msvcrt.dll!_open 75D87E48 5 Bytes JMP 00A10000
.text C:\Windows\System32\svchost.exe[956] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 00A10FA8
.text C:\Windows\System32\svchost.exe[956] msvcrt.dll!system 75DBB16F 5 Bytes JMP 00A1003D
.text C:\Windows\System32\svchost.exe[956] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 00A10FDE
.text C:\Windows\System32\svchost.exe[956] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 00A10FCD
.text C:\Windows\System32\svchost.exe[956] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 00A10FEF
.text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 00A60000
.text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 00A60FC0
.text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 00A60FA5
.text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 00A60047
.text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 00A60FE5
.text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 00A60F94
.text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 00A6001B
.text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 00A6002C
.text C:\Windows\System32\svchost.exe[956] WS2_32.dll!socket 758A3F00 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 00EC0F21
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 00EC0ED0
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 00EC006F
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 00EC0FC3
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 00EC0F46
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00EC004A
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00EC0F7C
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00EC0F8D
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00EC000A
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 00EC0EBF
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00EC0FA8
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00EC002F
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00EC0FEF
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 00EC0F10
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 00EC0FD4
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 00EC0EF5
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 00EC0F57
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_open 75D87E48 5 Bytes JMP 00F50000
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 00F50FCA
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!system 75DBB16F 5 Bytes JMP 00F50055
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 00F50FEF
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 00F5003A
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 00F5001D
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 010D0000
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 010D0FE5
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 010D0FC0
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 010D0062
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 010D0025
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 010D007D
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 010D0036
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 010D0047
.text C:\Windows\system32\svchost.exe[1000] WS2_32.dll!socket 758A3F00 5 Bytes JMP 00EB0FEF
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 001C009B
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 001C0F32
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 001C0F43
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 001C0FCA
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 001C0F72
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 001C006F
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 001C0054
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 001C0F8D
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 001C0FE5
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 001C0F21
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 001C0FB9
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 001C0FA8
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 001C00AC
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 001C0025
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 001C00C7
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 001C0080
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_open 75D87E48 5 Bytes JMP 001D0FEF
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 001D0044
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!system 75DBB16F 5 Bytes JMP 001D0FB9
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 001D0FD4
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 001D0029
.text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 001D000C
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 00220000
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 0022001B
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 00220F8D
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 00220F9E
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 00220FE5
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 00220F72
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 00220FC0
.text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 00220FAF
.text C:\Windows\system32\svchost.exe[1240] WS2_32.dll!socket 758A3F00 5 Bytes JMP 00240FEF
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 00010F4D
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 000100AC
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 00010F17
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 00010FCA
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 00010F68
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00010F94
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 0001006C
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00010047
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00010FE5
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 00010EF2
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00010036
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00010FA5
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 0001000A
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 00010F32
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 0001001B
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 00010091
.text C:\Windows\Explorer.EXE[1368] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 00010F83
.text C:\Windows\Explorer.EXE[1368] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 00060FEF
.text C:\Windows\Explorer.EXE[1368] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 00060036
.text C:\Windows\Explorer.EXE[1368] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 00060FAF
.text C:\Windows\Explorer.EXE[1368] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 00060047
.text C:\Windows\Explorer.EXE[1368] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 00060FDE
.text C:\Windows\Explorer.EXE[1368] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 00060F9E
.text C:\Windows\Explorer.EXE[1368] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 00060014
.text C:\Windows\Explorer.EXE[1368] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 00060025
.text C:\Windows\Explorer.EXE[1368] msvcrt.dll!_open 75D87E48 5 Bytes JMP 0007000C
.text C:\Windows\Explorer.EXE[1368] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 00070049
.text C:\Windows\Explorer.EXE[1368] msvcrt.dll!system 75DBB16F 5 Bytes JMP 0007002E
.text C:\Windows\Explorer.EXE[1368] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 0007001D
.text C:\Windows\Explorer.EXE[1368] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 00070FC8
.text C:\Windows\Explorer.EXE[1368] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 00070FE3
.text C:\Windows\Explorer.EXE[1368] WININET.dll!InternetOpenA 76E57DDC 5 Bytes JMP 03760FEF
.text C:\Windows\Explorer.EXE[1368] WININET.dll!InternetOpenW 76E59D58 5 Bytes JMP 0376000A
.text C:\Windows\Explorer.EXE[1368] WININET.dll!InternetOpenUrlA 76E5DBD0 5 Bytes JMP 0376001B
.text C:\Windows\Explorer.EXE[1368] WININET.dll!InternetOpenUrlW 76EAE0D4 3 Bytes JMP 03760FCA
.text C:\Windows\Explorer.EXE[1368] WININET.dll!InternetOpenUrlW + 4 76EAE0D8 1 Byte [8C]
.text C:\Windows\Explorer.EXE[1368] WS2_32.dll!socket 758A3F00 5 Bytes JMP 03A30000
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 0121009F
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 012100D5
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 01210F40
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 01210022
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 01210F80
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 01210F9B
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 01210069
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 01210FAC
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 01210FDB
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 01210F1B
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 0121003D
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 0121004E
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 01210000
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 012100B0
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 01210011
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 01210F51
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 0121008E
.text C:\Windows\system32\svchost.exe[1480] msvcrt.dll!_open 75D87E48 5 Bytes JMP 01220000
.text C:\Windows\system32\svchost.exe[1480] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 0122002C
.text C:\Windows\system32\svchost.exe[1480] msvcrt.dll!system 75DBB16F 5 Bytes JMP 0122001B
.text C:\Windows\system32\svchost.exe[1480] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 01220FC6
.text C:\Windows\system32\svchost.exe[1480] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 01220FB5
.text C:\Windows\system32\svchost.exe[1480] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 01220FD7
.text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 01230FE5
.text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 01230036
.text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 01230F94
.text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 01230FA5
.text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 01230FD4
.text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 01230047
.text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 0123000A
.text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 01230025
.text C:\Windows\system32\svchost.exe[1480] WS2_32.dll!socket 758A3F00 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 0098006C
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 009800AC
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 00980F17
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 00980FB9
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 0098005B
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00980040
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00980025
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00980F68
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00980FD4
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 009800C7
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00980FA8
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00980F83
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00980FEF
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 00980091
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 0098000A
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 00980F28
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 00980F4D
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_open 75D87E48 5 Bytes JMP 00990FE3
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 0099002C
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!system 75DBB16F 5 Bytes JMP 00990FAB
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 00990011
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 00990FBC
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 00990000
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 009E0FEF
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 009E0FB9
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 009E0F9E
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 009E0040
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 009E0FDE
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 009E0F8D
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 009E0014
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 009E0025
.text C:\Windows\system32\svchost.exe[1728] WS2_32.dll!socket 758A3F00 5 Bytes JMP 00970000
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 01080F68
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 01080F17
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 01080F3C
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 01080FC3
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 01080091
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 0108006F
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 01080F97
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 0108004A
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 01080FDE
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 010800C7
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 01080FB2
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 01080039
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 01080FEF
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 010800B6
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 01080014
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 01080F57
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 01080080
.text C:\Windows\system32\svchost.exe[1764] msvcrt.dll!_open 75D87E48 5 Bytes JMP 01090000
.text C:\Windows\system32\svchost.exe[1764] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 01090049
.text C:\Windows\system32\svchost.exe[1764] msvcrt.dll!system 75DBB16F 5 Bytes JMP 01090FBE
.text C:\Windows\system32\svchost.exe[1764] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 0109002E
.text C:\Windows\system32\svchost.exe[1764] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 01090FD9
.text C:\Windows\system32\svchost.exe[1764] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 0109001D
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 010A0000
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 010A0058
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 010A0FB6
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 010A0FC7
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 010A0011
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 010A0069
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 010A002C
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 010A0047
.text C:\Windows\system32\svchost.exe[1764] WS2_32.dll!socket 758A3F00 5 Bytes JMP 00F30FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 00010F06
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 00010EC9
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 00010054
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 00010F94
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 0001002F
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00010F3C
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00010014
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00010F4D
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00010FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 00010083
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00010F83
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00010F5E
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00010FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 00010EEB
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 00010FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 00010EDA
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 00010F2B
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 000C0000
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 000C0054
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 000C008A
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 000C006F
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 000C0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 000C009B
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 000C0FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 000C0039
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] msvcrt.dll!_open 75D87E48 5 Bytes JMP 000D0000
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 000D006E
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] msvcrt.dll!system 75DBB16F 5 Bytes JMP 000D0053
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 000D001D
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 000D002E
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 000D0FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!UnhookWindowsHookEx 75C9CC7B 5 Bytes JMP 6B8A83A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!CallNextHookEx 75C9CC8F 5 Bytes JMP 6B889D94 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!CreateWindowExW 75CA0E51 5 Bytes JMP 6B898197 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!SetWindowsHookExW 75CA210A 5 Bytes JMP 6B84463B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!DialogBoxIndirectParamW 75CC4AA7 5 Bytes JMP 6B9BFED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!DialogBoxParamW 75CC564A 5 Bytes JMP 6B7B4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!DialogBoxParamA 75CDCF6A 5 Bytes JMP 6B9BFE75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!DialogBoxIndirectParamA 75CDD29C 5 Bytes JMP 6B9BFF3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!MessageBoxIndirectA 75CEE8C9 5 Bytes JMP 6B9BFE0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!MessageBoxIndirectW 75CEE9C3 5 Bytes JMP 6B9BFD9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!MessageBoxExA 75CEEA29 5 Bytes JMP 6B9BFD3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!MessageBoxExW 75CEEA4D 5 Bytes JMP 6B9BFCDB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ole32.dll!OleLoadFromStream 75A55BF6 5 Bytes JMP 6B9C022B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ole32.dll!CoCreateInstance 75AA590C 5 Bytes JMP 6B898C85 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] WININET.dll!InternetOpenA 76E57DDC 5 Bytes JMP 000E0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] WININET.dll!InternetOpenW 76E59D58 5 Bytes JMP 000E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] WININET.dll!InternetOpenUrlA 76E5DBD0 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] WININET.dll!InternetOpenUrlA 76E5DBD0 5 Bytes JMP 000E0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] WININET.dll!InternetOpenUrlW 76EAE0D4 5 Bytes JMP 000E0FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ws2_32.DLL!socket 758A3F00 5 Bytes JMP 00F90000
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 00010098
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 00010F36
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 000100CB
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 00010036
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 00010F6F
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00010076
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00010F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00010FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 0001001B
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 00010F11
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00010051
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00010FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00010000
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 000100A9
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 00010FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 000100BA
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 00010087
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 000C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 000C0058
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 000C007A
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 000C0069
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 000C001B
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 000C0FBD
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 000C002C
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 000C0047
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] msvcrt.dll!_open 75D87E48 5 Bytes JMP 000D000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 000D0FC8
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] msvcrt.dll!system 75DBB16F 5 Bytes JMP 000D0049
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 000D001D
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 000D002E
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 000D0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CreateWindowExW 75CA0E51 5 Bytes JMP 6B898197 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxIndirectParamW 75CC4AA7 5 Bytes JMP 6B9BFED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxParamW 75CC564A 5 Bytes JMP 6B7B4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxParamA 75CDCF6A 5 Bytes JMP 6B9BFE75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxIndirectParamA 75CDD29C 5 Bytes JMP 6B9BFF3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxIndirectA 75CEE8C9 5 Bytes JMP 6B9BFE0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxIndirectW 75CEE9C3 5 Bytes JMP 6B9BFD9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxExA 75CEEA29 5 Bytes JMP 6B9BFD3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxExW 75CEEA4D 5 Bytes JMP 6B9BFCDB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetOpenA 76E57DDC 5 Bytes JMP 000E0000
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetOpenW 76E59D58 5 Bytes JMP 000E0011
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetOpenUrlA 76E5DBD0 5 Bytes JMP 000E0FD1
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetOpenUrlW 76EAE0D4 5 Bytes JMP 000E0022
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ws2_32.DLL!socket 758A3F00 5 Bytes JMP 00190FEF
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 00010F8D
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 00010F3C
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 00010F57
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 00010F9E
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00010076
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00010FAF
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00010011
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 000100EC
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00010040
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00010051
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 00010F7C
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 000100D1
.text C:\Windows\system32\svchost.exe[2944] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 000100AC
.text C:\Windows\system32\svchost.exe[2944] msvcrt.dll!_open 75D87E48 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[2944] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 00060FAD
.text C:\Windows\system32\svchost.exe[2944] msvcrt.dll!system 75DBB16F 5 Bytes JMP 00060FC8
.text C:\Windows\system32\svchost.exe[2944] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 00060FE3
.text C:\Windows\system32\svchost.exe[2944] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 0006002E
.text C:\Windows\system32\svchost.exe[2944] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 0006001D
.text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 00130000
.text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 00130F94
.text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 00130F68
.text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 00130F79
.text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 00130FDB
.text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 00130F57
.text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 00130FCA
.text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 00130FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 00010087
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 00010F1E
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 000100B3
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 00010FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 00010F54
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00010062
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00010F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00010051
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00010FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 000100CE
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00010025
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00010040
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00010000
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 00010F43
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 00010FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 000100A2
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 00010F6F
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 000C0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 000C0F79
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 000C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 000C0F68
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 000C0FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 000C0F57
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 000C0FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 000C0F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] msvcrt.dll!_open 75D87E48 5 Bytes JMP 000D0000
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 000D0F90
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] msvcrt.dll!system 75DBB16F 5 Bytes JMP 000D0FAB
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 000D0011
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 000D0FBC
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 000D0FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!CreateDialogParamW 75C99BFF 5 Bytes JMP 6B7EC5A8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!EnableWindow 75C9A72E 5 Bytes JMP 6B7EC523 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!GetAsyncKeyState 75C9C09A 5 Bytes JMP 6B7AD6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!UnhookWindowsHookEx 75C9CC7B 5 Bytes JMP 6B8A83A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!CallNextHookEx 75C9CC8F 5 Bytes JMP 6B889D94 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!CreateWindowExW 75CA0E51 5 Bytes JMP 6B898197 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!SetWindowsHookExW 75CA210A 5 Bytes JMP 6B84463B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!GetKeyState 75CA4FDA 5 Bytes JMP 6B7ED79A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!IsDialogMessageW 75CA6F06 5 Bytes JMP 6B7B4284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!CreateDialogParamA 75CB3E79 5 Bytes JMP 6B9C0ACE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!IsDialogMessage 75CB407A 5 Bytes JMP 6B9C036F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!CreateDialogIndirectParamA 75CB9110 5 Bytes JMP 6B9C0B05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!CreateDialogIndirectParamW 75CC08AD 5 Bytes JMP 6B9C0B3C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!DialogBoxIndirectParamW 75CC4AA7 5 Bytes JMP 6B9BFED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!EndDialog 75CC555C 5 Bytes JMP 6B7B5AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!DialogBoxParamW 75CC564A 5 Bytes JMP 6B7B4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!SetKeyboardState 75CC6B52 5 Bytes JMP 6B9C06D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!SendInput 75CC7055 5 Bytes JMP 6B9C1298 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!SetCursorPos 75CDC1D8 5 Bytes JMP 6B9C12F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!DialogBoxParamA 75CDCF6A 5 Bytes JMP 6B9BFE75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!DialogBoxIndirectParamA 75CDD29C 5 Bytes JMP 6B9BFF3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!MessageBoxIndirectA 75CEE8C9 5 Bytes JMP 6B9BFE0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!MessageBoxIndirectW 75CEE9C3 5 Bytes JMP 6B9BFD9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!MessageBoxExA 75CEEA29 5 Bytes JMP 6B9BFD3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!MessageBoxExW 75CEEA4D 5 Bytes JMP 6B9BFCDB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!keybd_event 75CEEC9B 5 Bytes JMP 6B9C1623 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] SHELL32.dll!SHChangeNotification_Lock + 45BA 75F3B440 4 Bytes [11, 36, 22, 68]
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] SHELL32.dll!SHChangeNotification_Lock + 45C2 75F3B448 8 Bytes [5F, 35, 22, 68, D0, 73, 21, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] ole32.dll!OleLoadFromStream 75A55BF6 5 Bytes JMP 6B9C022B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] ole32.dll!CoCreateInstance 75AA590C 5 Bytes JMP 6B898C85 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] WININET.dll!InternetOpenA 76E57DDC 5 Bytes JMP 000E0000
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] WININET.dll!InternetOpenW 76E59D58 5 Bytes JMP 000E0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] WININET.dll!InternetOpenUrlA 76E5DBD0 5 Bytes JMP 000E0025
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] WININET.dll!InternetOpenUrlW 76EAE0D4 5 Bytes JMP 000E0FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3088] ws2_32.DLL!socket 758A3F00 5 Bytes JMP 00D00000
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 00020F68
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 00020F39
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 000200CE
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 0002000A
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 00020F83
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00020076
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 0002005B
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 0002004A
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00020FD4
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 000200DF
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00020025
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00020FA8
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00020FE5
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 000200AC
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!CreateNamedPipeA 75C3D5BF 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 00020FC3
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 000200BD
.text C:\Windows\system32\svchost.exe[3252] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 00020087
.text C:\Windows\system32\svchost.exe[3252] msvcrt.dll!_open 75D87E48 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[3252] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 00060F97
.text C:\Windows\system32\svchost.exe[3252] msvcrt.dll!system 75DBB16F 5 Bytes JMP 00060FBC
.text C:\Windows\system32\svchost.exe[3252] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 00060FD7
.text C:\Windows\system32\svchost.exe[3252] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 0006002C
.text C:\Windows\system32\svchost.exe[3252] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 00060011
.text C:\Windows\system32\svchost.exe[3252] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[3252] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 00070014
.text C:\Windows\system32\svchost.exe[3252] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 00070040
.text C:\Windows\system32\svchost.exe[3252] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 0007002F
.text C:\Windows\system32\svchost.exe[3252] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 00070FD4
.text C:\Windows\system32\svchost.exe[3252] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 00070051
.text C:\Windows\system32\svchost.exe[3252] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 00070FB9
.text C:\Windows\system32\svchost.exe[3252] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 00070FA8
.text C:\Windows\system32\svchost.exe[3252] WS2_32.dll!socket 758A3F00 5 Bytes JMP 00220000
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 00010F6F
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 00010F40
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 000100D5
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 0001001B
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 00010F80
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00010073
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00010058
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00010F9B
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00010FDB
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 00010F1B
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00010036
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00010047
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00010000
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 000100B3
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 00010FCA
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 000100C4
.text C:\Windows\System32\svchost.exe[3300] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 0001008E
.text C:\Windows\System32\svchost.exe[3300] msvcrt.dll!_open 75D87E48 5 Bytes JMP 00060FE3
.text C:\Windows\System32\svchost.exe[3300] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 00060058
.text C:\Windows\System32\svchost.exe[3300] msvcrt.dll!system 75DBB16F 5 Bytes JMP 00060033
.text C:\Windows\System32\svchost.exe[3300] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 00060011
.text C:\Windows\System32\svchost.exe[3300] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 00060022
.text C:\Windows\System32\svchost.exe[3300] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[3300] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 00080FEF
.text C:\Windows\System32\svchost.exe[3300] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 00080033
.text C:\Windows\System32\svchost.exe[3300] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 00080069
.text C:\Windows\System32\svchost.exe[3300] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 0008004E
.text C:\Windows\System32\svchost.exe[3300] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 00080000
.text C:\Windows\System32\svchost.exe[3300] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 0008007A
.text C:\Windows\System32\svchost.exe[3300] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[3300] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 00080011
.text C:\Windows\System32\svchost.exe[3300] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 00080022
.text C:\Windows\System32\svchost.exe[3300] WS2_32.dll!socket 758A3F00 5 Bytes JMP 002C0FE5
.text C:\Windows\System32\svchost.exe[3300] WININET.dll!InternetOpenA 76E57DDC 5 Bytes JMP 002D0000
.text C:\Windows\System32\svchost.exe[3300] WININET.dll!InternetOpenW 76E59D58 5 Bytes JMP 002D0FEF
.text C:\Windows\System32\svchost.exe[3300] WININET.dll!InternetOpenUrlA 76E5DBD0 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[3300] WININET.dll!InternetOpenUrlA 76E5DBD0 5 Bytes JMP 002D0FD4
.text C:\Windows\System32\svchost.exe[3300] WININET.dll!InternetOpenUrlW 76EAE0D4 5 Bytes JMP 002D001B
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 00010F8D
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 00010F46
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 000100DB
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 00010040
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 000100B6
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 0001009B
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!LoadLibraryExW 75BFB6BF 1 Byte [E9]
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00010FC3
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00010080
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00010014
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 00010F2B
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00010051
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00010FD4
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00010FEF
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 00010F7C
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 00010025
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 00010F61
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 00010F9E
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 000D0FEF
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 000D0FA1
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 000D0032
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 000D0F90
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 000D0FD4
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 000D0F6B
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 000D0FC3
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 000D0FB2
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] msvcrt.dll!_open 75D87E48 5 Bytes JMP 000E0FE3
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 000E0036
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] msvcrt.dll!system 75DBB16F 5 Bytes JMP 000E001B
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 000E0FC6
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 000E0FB5
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 000E0000
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] WININET.dll!InternetOpenA 76E57DDC 5 Bytes JMP 000F0000
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] WININET.dll!InternetOpenW 76E59D58 5 Bytes JMP 000F001B
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] WININET.dll!InternetOpenUrlA 76E5DBD0 5 Bytes JMP 000F002C
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] WININET.dll!InternetOpenUrlW 76EAE0D4 5 Bytes JMP 000F0047
.text C:\Program Files\WinZip\WINZIP32.EXE[4324] WS2_32.dll!socket 758A3F00 5 Bytes JMP 00200000
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 00010069
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 000100B0
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 00010095
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 00010011
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 00010058
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00010F5B
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00010F76
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00010033
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00010FCA
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 00010EF6
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00010022
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00010F9B
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00010FEF
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 0001007A
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 00010000
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 00010F1B
.text C:\Windows\System32\svchost.exe[4400] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 00010F4A
.text C:\Windows\System32\svchost.exe[4400] msvcrt.dll!_open 75D87E48 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[4400] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 00060036
.text C:\Windows\System32\svchost.exe[4400] msvcrt.dll!system 75DBB16F 5 Bytes JMP 00060FAB
.text C:\Windows\System32\svchost.exe[4400] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 00060011
.text C:\Windows\System32\svchost.exe[4400] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 00060FC6
.text C:\Windows\System32\svchost.exe[4400] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[4400] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 00070FEF
.text C:\Windows\System32\svchost.exe[4400] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 00070040
.text C:\Windows\System32\svchost.exe[4400] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 00070076
.text C:\Windows\System32\svchost.exe[4400] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 00070051
.text C:\Windows\System32\svchost.exe[4400] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 0007000A
.text C:\Windows\System32\svchost.exe[4400] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 00070091
.text C:\Windows\System32\svchost.exe[4400] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 00070FD4
.text C:\Windows\System32\svchost.exe[4400] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 00070025
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 000100A9
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 000100FA
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 00010F5B
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 00010051
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 00010F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00010087
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00010FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 0001006C
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 0001001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 00010F4A
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00010FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00010FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00010000
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 000100C4
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 0001002C
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 000100D5
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 00010098
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 000C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 000C0036
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 000C005B
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 000C0FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 000C0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 000C0F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 000C001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 000C0FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] msvcrt.dll!_open 75D87E48 5 Bytes JMP 000D0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 000D0FA6
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] msvcrt.dll!system 75DBB16F 5 Bytes JMP 000D0FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 000D0FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 000D0027
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] msvcrt.dll!_wopen 75DC0570 3 Bytes JMP 000D000C
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] msvcrt.dll!_wopen + 4 75DC0574 1 Byte [8A]
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!CreateDialogParamW 75C99BFF 5 Bytes JMP 6B7EC5A8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!EnableWindow 75C9A72E 5 Bytes JMP 6B7EC523 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!GetAsyncKeyState 75C9C09A 5 Bytes JMP 6B7AD6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!UnhookWindowsHookEx 75C9CC7B 5 Bytes JMP 6B8A83A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!CallNextHookEx 75C9CC8F 5 Bytes JMP 6B889D94 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!CreateWindowExW 75CA0E51 5 Bytes JMP 6B898197 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!SetWindowsHookExW 75CA210A 5 Bytes JMP 6B84463B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!GetKeyState 75CA4FDA 5 Bytes JMP 6B7ED79A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!IsDialogMessageW 75CA6F06 5 Bytes JMP 6B7B4284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!CreateDialogParamA 75CB3E79 5 Bytes JMP 6B9C0ACE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!IsDialogMessage 75CB407A 5 Bytes JMP 6B9C036F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!CreateDialogIndirectParamA 75CB9110 5 Bytes JMP 6B9C0B05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!CreateDialogIndirectParamW 75CC08AD 5 Bytes JMP 6B9C0B3C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!DialogBoxIndirectParamW 75CC4AA7 5 Bytes JMP 6B9BFED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!EndDialog 75CC555C 5 Bytes JMP 6B7B5AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!DialogBoxParamW 75CC564A 5 Bytes JMP 6B7B4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!SetKeyboardState 75CC6B52 5 Bytes JMP 6B9C06D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!SendInput 75CC7055 5 Bytes JMP 6B9C1298 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!SetCursorPos 75CDC1D8 5 Bytes JMP 6B9C12F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!DialogBoxParamA 75CDCF6A 5 Bytes JMP 6B9BFE75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!DialogBoxIndirectParamA 75CDD29C 5 Bytes JMP 6B9BFF3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!MessageBoxIndirectA 75CEE8C9 5 Bytes JMP 6B9BFE0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!MessageBoxIndirectW 75CEE9C3 5 Bytes JMP 6B9BFD9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!MessageBoxExA 75CEEA29 5 Bytes JMP 6B9BFD3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!MessageBoxExW 75CEEA4D 5 Bytes JMP 6B9BFCDB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] USER32.dll!keybd_event 75CEEC9B 5 Bytes JMP 6B9C1623 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] SHELL32.dll!SHChangeNotification_Lock + 45BA 75F3B440 4 Bytes [11, 36, 22, 68]
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] SHELL32.dll!SHChangeNotification_Lock + 45C2 75F3B448 8 Bytes [5F, 35, 22, 68, D0, 73, 21, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] ole32.dll!OleLoadFromStream 75A55BF6 5 Bytes JMP 6B9C022B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] ole32.dll!CoCreateInstance 75AA590C 5 Bytes JMP 6B898C85 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] WININET.dll!InternetOpenA 76E57DDC 5 Bytes JMP 000E0000
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] WININET.dll!InternetOpenW 76E59D58 5 Bytes JMP 000E0011
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] WININET.dll!InternetOpenUrlA 76E5DBD0 5 Bytes JMP 000E002C
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] WININET.dll!InternetOpenUrlW 76EAE0D4 5 Bytes JMP 000E0FD1
.text C:\Program Files\Internet Explorer\iexplore.exe[4660] ws2_32.DLL!socket 758A3F00 5 Bytes JMP 00D80FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 00010F35
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 0001009B
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 00010F06
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 00010FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 00010054
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 00010F61
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00010F7C
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00010039
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00010FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 000100C0
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00010FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00010F97
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00010FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 0001006F
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 0001000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 0001008A
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 00010F50
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 000C0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 000C0F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 000C0025
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 000C0F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 000C0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 000C0036
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 000C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 000C0FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] msvcrt.dll!_open 75D87E48 5 Bytes JMP 000D0FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 000D0038
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] msvcrt.dll!system 75DBB16F 5 Bytes JMP 000D001D
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 000D0FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 000D000C
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 000D0FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!CreateWindowExW 75CA0E51 5 Bytes JMP 6B898197 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!DialogBoxIndirectParamW 75CC4AA7 5 Bytes JMP 6B9BFED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!DialogBoxParamW 75CC564A 5 Bytes JMP 6B7B4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!DialogBoxParamA 75CDCF6A 5 Bytes JMP 6B9BFE75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!DialogBoxIndirectParamA 75CDD29C 5 Bytes JMP 6B9BFF3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!MessageBoxIndirectA 75CEE8C9 5 Bytes JMP 6B9BFE0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!MessageBoxIndirectW 75CEE9C3 5 Bytes JMP 6B9BFD9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!MessageBoxExA 75CEEA29 5 Bytes JMP 6B9BFD3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!MessageBoxExW 75CEEA4D 5 Bytes JMP 6B9BFCDB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] WININET.dll!InternetOpenA 76E57DDC 5 Bytes JMP 000E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] WININET.dll!InternetOpenW 76E59D58 5 Bytes JMP 000E0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] WININET.dll!InternetOpenUrlA 76E5DBD0 5 Bytes JMP 000E0FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] WININET.dll!InternetOpenUrlW 76EAE0D4 5 Bytes JMP 000E0039
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ws2_32.DLL!socket 758A3F00 5 Bytes JMP 0036000A
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!GetStartupInfoA 75BB1DF0 5 Bytes JMP 000100BA
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!CreateProcessW 75BB202D 5 Bytes JMP 00010108
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!CreateProcessA 75BB2062 5 Bytes JMP 000100F7
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!CreateNamedPipeW 75BE1FD6 5 Bytes JMP 0001002C
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!CreatePipe 75BE4A8B 5 Bytes JMP 00010F91
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!VirtualProtect 75BF50AB 5 Bytes JMP 0001008E
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!LoadLibraryExW 75BFB6BF 5 Bytes JMP 00010073
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!LoadLibraryExA 75BFBC8B 5 Bytes JMP 00010FB6
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!CreateFileW 75C00B7D 5 Bytes JMP 00010FE5
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!GetProcAddress 75C01857 5 Bytes JMP 00010F58
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!LoadLibraryA 75C02884 5 Bytes JMP 00010047
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!LoadLibraryW 75C028D2 5 Bytes JMP 00010058
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!CreateFileA 75C0291C 5 Bytes JMP 00010000
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!GetStartupInfoW 75C07CD5 5 Bytes JMP 000100CB
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!CreateNamedPipeA 75C3D5BF 5 Bytes JMP 00010011
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!WinExec 75C3E76D 5 Bytes JMP 000100DC
.text C:\Windows\System32\svchost.exe[5832] kernel32.dll!VirtualProtectEx 75C3F729 5 Bytes JMP 0001009F
.text C:\Windows\System32\svchost.exe[5832] msvcrt.dll!_open 75D87E48 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[5832] msvcrt.dll!_wsystem 75DBB04F 5 Bytes JMP 00060FAB
.text C:\Windows\System32\svchost.exe[5832] msvcrt.dll!system 75DBB16F 5 Bytes JMP 00060036
.text C:\Windows\System32\svchost.exe[5832] msvcrt.dll!_creat 75DBED29 5 Bytes JMP 00060011
.text C:\Windows\System32\svchost.exe[5832] msvcrt.dll!_wcreat 75DC038E 5 Bytes JMP 00060FC6
.text C:\Windows\System32\svchost.exe[5832] msvcrt.dll!_wopen 75DC0570 5 Bytes JMP 00060FE3
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegOpenKeyA 7726D2ED 5 Bytes JMP 00070FE5
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegCreateKeyA 7726D3C1 5 Bytes JMP 00070FA8
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegCreateKeyExA 77271B71 5 Bytes JMP 00070F8D
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegCreateKeyW 77271CC0 5 Bytes JMP 0007002F
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegOpenKeyW 77273129 5 Bytes JMP 00070FD4
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegCreateKeyExW 7727B946 5 Bytes JMP 00070F72
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegOpenKeyExA 7727BC0D 5 Bytes JMP 00070FC3
.text C:\Windows\System32\svchost.exe[5832] ADVAPI32.dll!RegOpenKeyExW 7727BEC4 5 Bytes JMP 00070014

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\00000080 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000082 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4cf7a550
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4cf7a550 (not active ControlSet)

---- EOF - GMER 1.0.15 ----



#2 SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:07:51 AM

Posted 27 May 2011 - 06:08 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 SweetTech

Posted 31 May 2011 - 11:15 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
