
Google ad redirect virus


22 replies to this topic

#1 coolman20610


Posted 23 September 2011 - 06:03 PM

Hello, I don't know a lot about computers, but I acquired a virus that I have heard referred to as the google ad redirect virus. How can I get this removed? It is really annoying.


 


#2 Broni


Posted 23 September 2011 - 07:21 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 coolman20610


Posted 23 September 2011 - 09:27 PM

Securitycheck.exe
*******************************************************************

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
McAfee AntiVirus Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Java™ 6 Update 22
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.5 MUI
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
McAfee VirusScan mcods.exe
``````````End of Log````````````


************************************************************************************************************

minitoolbox.exe
*****************************************************************************************************************

MiniToolBox by Farbar
Ran by Kacey Joaquim (administrator) on 23-09-2011 at 21:29:02
Windows 7 Starter (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 0.0.0.0:80
========================= Hosts content: =================================

74.208.10.249 gs.apple.com


========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Mine
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 74-F0-6D-6B-E2-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2095:20a3:996e:9531%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : September-23-11 6:31:11 PM
Lease Expires . . . . . . . . . . : September-30-11 9:21:03 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 326430829
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-DF-DB-23-00-21-CC-51-41-27
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-21-CC-51-41-27
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{898DE479-6E61-420A-8603-0949DA120E22}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:14f9:1036:bea3:d04c(Preferred)
Link-local IPv6 Address . . . . . : fe80::14f9:1036:bea3:d04c%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{A5355DF5-38E4-4DC2-A9AD-E9A2025DE2C1}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.226.84
74.125.226.83
74.125.226.81
74.125.226.82
74.125.226.80


Pinging google.com [74.125.226.80] with 32 bytes of data:
Reply from 74.125.226.80: bytes=32 time=19ms TTL=55
Reply from 74.125.226.80: bytes=32 time=52ms TTL=55

Ping statistics for 74.125.226.80:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 52ms, Average = 35ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=110ms TTL=51
Reply from 98.137.149.56: bytes=32 time=88ms TTL=51

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 88ms, Maximum = 110ms, Average = 99ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...74 f0 6d 6b e2 ef ......Atheros AR9285 Wireless Network Adapter
11...00 21 cc 51 41 27 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.104 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.104 281
192.168.0.104 255.255.255.255 On-link 192.168.0.104 281
192.168.0.255 255.255.255.255 On-link 192.168.0.104 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.104 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.104 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:4137:9e76:14f9:1036:bea3:d04c/128
On-link
13 281 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::14f9:1036:bea3:d04c/128
On-link
13 281 fe80::2095:20a3:996e:9531/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/23/2011 09:21:04 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (09/23/2011 09:21:04 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (09/23/2011 09:21:04 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (09/23/2011 09:21:04 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (09/23/2011 01:04:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/23/2011 00:49:50 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/14/2011 01:37:13 PM) (Source: Application Hang) (User: )
Description: The program FL.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f94

Start Time: 01cc73048ea8e565

Termination Time: 398

Application Path: C:\Program Files\Image-Line\FL Studio 10\FL.exe

Report Id: f9fa47d7-def7-11e0-ac7e-0021cc514127

Error: (09/12/2011 07:27:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46572820

Error: (09/12/2011 07:27:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46572820

Error: (09/12/2011 07:27:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/23/2011 09:16:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.

Error: (09/23/2011 09:16:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McMPFSvc service.

Error: (09/23/2011 07:09:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Wireless Assistant Service service.

Error: (09/23/2011 06:28:18 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/23/2011 08:38:20 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 199.235.214.215.
The computer with the IP address 199.235.213.247 did not allow the name to be claimed by
this computer.

Error: (09/23/2011 08:37:58 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/23/2011 05:23:55 AM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service did not shut down properly after receiving a preshutdown control.

Error: (09/22/2011 06:54:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (09/22/2011 11:42:48 AM) (Source: DCOM) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (09/22/2011 11:42:22 AM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated with the following error:
%%-2147417831


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

7-Zip 9.20
Acrobat.com (Version: 1.6.65)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Reader 9.4.5 MUI (Version: 9.4.5)
Adobe Shockwave Player (Version: 11.5.1.601)
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ArcSoft WebCam Companion 3 (Version: 3.0.355)
Atheros Driver Installation Program (Version: 5.0)
Audacity 1.3.13 (Unicode)
Bejeweled 2 Deluxe (Version: 2.2.0.82)
Blasterball 3 (Version: 2.2.0.82)
Bonjour (Version: 3.0.0.2)
Chuzzle Deluxe (Version: 2.2.0.82)
Comical 0.8
Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)
CyberLink DVD Suite (Version: 7.0.2529)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.82)
DiskAid 4.61 (Version: 4.61)
Dream Chronicles (Version: 2.2.0.82)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Faerie Solitaire (Version: 2.2.0.82)
FATE (Version: 2.2.0.82)
FirstClass® Client (Version: 10.0 (build 10.009))
FL Studio 10
foldit
Gem Shop (Version: 2.2.0.82)
Google Earth (Version: 6.0.3.2197)
Google SketchUp 8 (Version: 3.0.4811)
Google Talk Plugin (Version: 2.3.2.0)
Google Update Helper (Version: 1.3.21.65)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.4)
HP Game Console
HP Games (Version: 1.0.0.80)
HP HomeBase (Version: 3.2.2.70)
HP Navigator (Version: 2.0.115)
HP QuickSync (Version: 6.2.620.9550)
HP QuickWeb Installer (Version: 1.2.17.0)
HP Setup (Version: 8.1.4186.3400)
HP Software Framework (Version: 3.5.20.1)
HP Support Assistant (Version: 5.2.9.2)
HP Update (Version: 5.001.000.014)
HP User Guides 0197 (Version: 1.01.0000)
HP Wireless Assistant (Version: 4.0.6.0)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
IDT Audio (Version: 1.0.6276.0)
IL Download Manager
Insaniquarium Deluxe (Version: 2.2.0.82)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2117)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
iTunes (Version: 10.4.1.10)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 26 (Version: 6.0.260)
Jewel Match 2 (Version: 2.2.0.82)
Jewel Quest II (Version: 2.2.0.82)
Jewel Quest Solitaire (Version: 2.2.0.82)
JoJo's Fashion Show (Version: 2.2.0.82)
Junk Mail filter update (Version: 14.0.8089.726)
Loki Browser Plugin (Version: 3.3.3.29)
Mahjongg Artifacts (Version: 2.2.0.82)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
McAfee AntiVirus Plus (Version: 11.0.586)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Office Proof (Arabic) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Dutch) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (French) 2007 (Version: 12.0.4518.1014)
Microsoft Search Enhancement Pack (Version: 2.0.270.0)
Microsoft Silverlight (Version: 4.0.51204.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 9.7.0621)
MSN Toolbar (Version: 4.0.0369.0)
MSN Toolbar Platform (Version: 4.0.0369.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 8 Essentials (Version: 8.3.416)
neroxml (Version: 1.0.0)
Norton Security Scan (Version: 3.0.1.8)
OpenOffice.org 3.3 (Version: 3.3.9567)
Paint.NET v3.5.8 (Version: 3.58.0)
Penguins! (Version: 2.2.0.82)
Plants vs. Zombies (Version: 2.2.0.82)
Polar Bowler (Version: 2.2.0.82)
Power Management (Version: 1.0.2.1)
Power2Go (Version: 6.1.3802)
QuickTime (Version: 7.70.80.34)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.21.531.2010)
Realtek PCIE Card Reader (Version: 6.1.7600.00048)
Recovery Manager (Version: 5.5.2725)
Skyhook Wireless XPS Service (Version: 3.4.2.17)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.187)
Slingo Deluxe (Version: 2.2.0.82)
Synaptics Pointing Device Driver (Version: 15.0.17.0)
Times Reader (Version: 2.055)
Virtual Villagers - The Secret City (Version: 2.2.0.82)
VLC media player 1.1.10 (Version: 1.1.10)
Wedding Dash (Version: 2.2.0.82)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinSCP 4.2.9 (Version: 4.2.9)
Zuma Deluxe (Version: 2.2.0.82)

========================= Memory info: ===================================

Percentage of memory in use: 87%
Total physical RAM: 1011.9 MB
Available physical RAM: 122.8 MB
Total Pagefile: 2035.9 MB
Available Pagefile: 725.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.91 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:132.98 GB) (Free:11.18 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15.77 GB) (Free:2.27 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

========================= Users: ========================================

User accounts for \\MINE

Administrator Guest Kacey Joaquim


**** End of log ****

***********************************************************************************


malwarebytes
***********************************************************************************

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7784

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23/09/2011 10:27:28 PM
mbam-log-2011-09-23 (22-27-28).txt

Scan type: Quick scan
Objects scanned: 178394
Time elapsed: 46 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\3XQZ6EO4AP (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Victim (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Trojan.Backdoor) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Value: 4ECYTQ9SIC -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3XQZ6EO4AP (Trojan.FakeAlert.SA) -> Value: 3XQZ6EO4AP -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\kacey joaquim\downloads\Drive.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\kacey joaquim\AppData\Roaming\java\java.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\kacey joaquim\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Users\kacey joaquim\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
***************************************************************************

#4 Broni


Posted 23 September 2011 - 10:01 PM

..and GMER...


 


#5 coolman20610


Posted 24 September 2011 - 07:59 AM

I've run GMER 3 times and all times it crashed my computer during the scan. The quick scan works completely fine, but then I press scan and leave my computer for a bit, and I come back and I get a message saying "Windows has recovered from an unexpected shutdown"; it says you can check online for a solution.

#6 coolman20610


Posted 24 September 2011 - 09:41 AM

I ran it once more, and it did the exact same thing. Then I tried running it in safe mode, but it still just crashed with the same error message.

#7 Broni


Posted 24 September 2011 - 10:19 AM

Run this instead...

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".


 


#8 coolman20610


Posted 25 September 2011 - 07:36 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-25 08:07:26
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.01.0
Running: kuonie2t.exe; Driver: C:\Users\KACEYJ~1\AppData\Local\Temp\pxldypow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8678F268]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8678F292]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8678F27E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8678F254]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82066148 5 Bytes JMP 8678F258 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8207E539 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820A3092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[392] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00830FEF
.text C:\Windows\system32\svchost.exe[392] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 0083000A
.text C:\Windows\system32\svchost.exe[392] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00830FD4
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 00820FAC
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 00820F79
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 00820F8A
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 00820FDB
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 008200CB
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 008200A9
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 0082008E
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 00820073
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 00820011
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 0082011F
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 00820047
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 00820062
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 00820000
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 008200F0
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 0082002C
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!WinExec 767FE739 5 Bytes JMP 00820F9B
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 008200BA
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_open 76907E48 5 Bytes JMP 00850FEF
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00850FB9
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!system 7693B16F 5 Bytes JMP 00850044
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00850029
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 00850FD4
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_wopen 76940570 5 Bytes JMP 00850018
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 00840000
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00840FCA
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 00840F94
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 00840FAF
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 00840011
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 00840F79
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 00840FE5
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00840036
.text C:\Windows\system32\svchost.exe[392] WS2_32.dll!socket 76C63F00 5 Bytes JMP 008E000A
.text C:\Windows\system32\services.exe[540] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00950FEF
.text C:\Windows\system32\services.exe[540] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 0095001B
.text C:\Windows\system32\services.exe[540] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 0095000A
.text C:\Windows\system32\services.exe[540] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 000F0F50
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 000F0F13
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 000F0F24
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 000F0025
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 000F0079
.text C:\Windows\system32\services.exe[540] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 000F0F7C
.text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 000F0F8D
.text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 000F004A
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 000F0FE5
.text C:\Windows\system32\services.exe[540] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 000F00C3
.text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 000F0FB9
.text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 000F0FA8
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 000F0000
.text C:\Windows\system32\services.exe[540] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 000F0094
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 000F0FD4
.text C:\Windows\system32\services.exe[540] kernel32.dll!WinExec 767FE739 5 Bytes JMP 000F0F3F
.text C:\Windows\system32\services.exe[540] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 000F0F6B
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_open 76907E48 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 009F0FB7
.text C:\Windows\system32\services.exe[540] msvcrt.dll!system 7693B16F 5 Bytes JMP 009F0042
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 009F0016
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 009F0031
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_wopen 76940570 5 Bytes JMP 009F0FD2
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 009E000A
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 009E0F9E
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 009E0F72
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 009E0F83
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 009E0FEF
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 009E0039
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 009E0FD4
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 009E0FB9
.text C:\Windows\system32\services.exe[540] WS2_32.dll!socket 76C63F00 5 Bytes JMP 00A00000
.text C:\Windows\system32\lsass.exe[608] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 000D0000
.text C:\Windows\system32\lsass.exe[608] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 000D002C
.text C:\Windows\system32\lsass.exe[608] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 000D0011
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 000C0084
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 000C00DC
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 000C00C1
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 000C0025
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 000C0073
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 000C0058
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 000C0F8A
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 000C0FA5
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 000C0F36
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 000C0036
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 000C0047
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 000C000A
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 000C0095
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 000C0FD4
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!WinExec 767FE739 5 Bytes JMP 000C00A6
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 000C0F5B
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_open 76907E48 5 Bytes JMP 000F0000
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 000F0042
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!system 7693B16F 5 Bytes JMP 000F0FB7
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 000F001D
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 000F0FD2
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_wopen 76940570 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 000E0FEF
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 000E0036
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 000E0F94
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 000E0FA5
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 000E0014
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 000E0F79
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 000E0025
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 000E0FCA
.text C:\Windows\system32\lsass.exe[608] WS2_32.dll!socket 76C63F00 5 Bytes JMP 00630FEF
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00470000
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00470FCA
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00470FE5
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 003A0098
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 003A00B3
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 003A0F1E
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 003A0FB9
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 003A0087
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 003A0065
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 003A004A
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 003A0F8D
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 003A0FEF
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 003A0F0D
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 003A0FA8
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 003A002F
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 003A000A
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 003A0F54
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 003A0FD4
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!WinExec 767FE739 5 Bytes JMP 003A0F39
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 003A0076
.text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_open 76907E48 5 Bytes JMP 004A0000
.text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 004A0FB7
.text C:\Windows\system32\svchost.exe[708] msvcrt.dll!system 7693B16F 5 Bytes JMP 004A0038
.text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 004A001D
.text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 004A0FD2
.text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_wopen 76940570 5 Bytes JMP 004A0FE3
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 00480FEF
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00480039
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 00480F9E
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 0048004A
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 00480014
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 00480F83
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 00480FDE
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00480FCD
.text C:\Windows\system32\svchost.exe[708] WS2_32.dll!socket 76C63F00 5 Bytes JMP 00BB0FEF
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 002F0FEF
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 002F000A
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 002F0FD4
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 002E0F5E
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 002E0F0D
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 002E0F1E
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 002E002C
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 002E0F6F
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 002E0F8A
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 002E006C
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 002E0051
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 002E0011
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 002E00C7
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 002E0FB6
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 002E0FA5
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 002E0000
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 002E0F4D
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 002E0FDB
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!WinExec 767FE739 5 Bytes JMP 002E00A2
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 002E007D
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_open 76907E48 5 Bytes JMP 00310FE3
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00310F86
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!system 7693B16F 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00310FBC
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 00310FA1
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_wopen 76940570 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 00300FEF
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00300FB2
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 0030004A
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 00300039
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 0030000A
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 00300F97
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 00300FDE
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00300FCD
.text C:\Windows\system32\svchost.exe[788] WS2_32.dll!socket 76C63F00 5 Bytes JMP 003E0FE5
.text C:\Windows\System32\svchost.exe[836] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00E50000
.text C:\Windows\System32\svchost.exe[836] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00E5002C
.text C:\Windows\System32\svchost.exe[836] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00E5001B
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 00D300B3
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 00D300E6
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 00D30F51
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 00D30040
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 00D300A2
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 00D30087
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 00D30076
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 00D30FAF
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 00D30FEF
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 00D30101
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 00D30FCA
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 00D30051
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 00D30000
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 00D300C4
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 00D30025
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!WinExec 767FE739 5 Bytes JMP 00D300D5
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 00D30F8A
.text C:\Windows\System32\svchost.exe[836] msvcrt.dll!_open 76907E48 5 Bytes JMP 00F0000C
.text C:\Windows\System32\svchost.exe[836] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00F0004E
.text C:\Windows\System32\svchost.exe[836] msvcrt.dll!system 7693B16F 5 Bytes JMP 00F00FB9
.text C:\Windows\System32\svchost.exe[836] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00F00FEF
.text C:\Windows\System32\svchost.exe[836] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 00F00FDE
.text C:\Windows\System32\svchost.exe[836] msvcrt.dll!_wopen 76940570 5 Bytes JMP 00F0001D
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 00EF0FEF
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00EF0FC3
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 00EF0065
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 00EF0040
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 00EF000A
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 00EF0076
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 00EF0FD4
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00EF002F
.text C:\Windows\System32\svchost.exe[836] WS2_32.dll!socket 76C63F00 5 Bytes JMP 00F90FEF
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 008C0FEF
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 008C002F
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 008C0014
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 00870F5A
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 008700D4
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 00870F49
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 0087001E
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 0087008D
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 00870F86
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 0087005E
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 0087004D
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 00870FDE
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 00870F24
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 00870FBC
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 00870FA1
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 00870FEF
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 008700A8
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 00870FCD
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!WinExec 767FE739 5 Bytes JMP 008700C3
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 00870F75
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_open 76907E48 5 Bytes JMP 00960FEF
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00960FB7
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!system 7693B16F 5 Bytes JMP 00960FC8
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 0096001D
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 00960038
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wopen 76940570 5 Bytes JMP 0096000C
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 008D0000
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 008D0FC0
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 008D0F94
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 008D0FA5
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 008D0011
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 008D0F83
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 008D0022
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 008D0FD1
.text C:\Windows\System32\svchost.exe[928] WS2_32.dll!socket 76C63F00 5 Bytes JMP 009B0FEF
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00D5000A
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00D50036
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00D5001B
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 00CE0F8A
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 00CE0F68
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 00CE00FD
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 00CE003D
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 00CE00B3
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 00CE0084
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 00CE0FB6
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 00CE0FC7
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 00CE0011
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 00CE0F57
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 00CE004E
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 00CE0069
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 00CE0000
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 00CE0F79
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 00CE0022
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!WinExec 767FE739 5 Bytes JMP 00CE00E2
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 00CE0F9B
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_open 76907E48 5 Bytes JMP 00DB0000
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00DB0075
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!system 7693B16F 5 Bytes JMP 00DB0064
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00DB002E
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 00DB003F
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_wopen 76940570 5 Bytes JMP 00DB001D
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 00D60FE5
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00D60F83
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 00D60F5E
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 00D6000A
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 00D60FCA
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 00D6001B
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 00D60FB9
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00D60FA8
.text C:\Windows\system32\svchost.exe[956] WS2_32.dll!socket 76C63F00 5 Bytes JMP 00DC0000
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00600FEF
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00600FC3
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00600FD4
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 004F0F51
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 004F0F1B
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 004F0F36
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 004F0FC0
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 004F0084
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 004F0F80
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 004F0058
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 004F0F9B
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 004F0000
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 004F0F0A
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 004F0022
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 004F0033
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 004F0FEF
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 004F009F
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 004F0011
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!WinExec 767FE739 5 Bytes JMP 004F00B0
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 004F0073
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_open 76907E48 5 Bytes JMP 00660000
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00660FB7
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!system 7693B16F 5 Bytes JMP 00660038
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00660FD2
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 00660027
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wopen 76940570 5 Bytes JMP 00660FE3
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 00610FEF
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00610036
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 00610F9E
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 00610FAF
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 00610FD4
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 00610F8D
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 00610014
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00610025
.text C:\Windows\system32\svchost.exe[1224] WS2_32.dll!socket 76C63F00 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00350000
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00350022
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00350011
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 001C0F4A
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 001C00B3
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 001C0098
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 001C0FC0
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 001C0073
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 001C0F76
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 001C004E
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 001C0F9B
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 001C0FDB
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 001C0F03
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 001C002C
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 001C003D
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 001C0F2F
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 001C001B
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!WinExec 767FE739 5 Bytes JMP 001C0F1E
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 001C0F65
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_open 76907E48 5 Bytes JMP 00370000
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00370FAD
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!system 7693B16F 5 Bytes JMP 00370FBE
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00370FE3
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 0037002E
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wopen 76940570 5 Bytes JMP 0037001D
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 0036000A
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00360FD4
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 00360FB9
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 0036005B
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 00360FEF
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 0036006C
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 00360025
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00360040
.text C:\Windows\system32\svchost.exe[1316] WS2_32.dll!socket 76C63F00 5 Bytes JMP 00800FEF
.text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00850FEF
.text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00850011
.text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00850000
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 0027009B
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 002700DB
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 00270F3C
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 00270014
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 0027008A
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 00270F72
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 00270F83
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 00270036
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 00270FCA
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 00270F2B
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 00270FA8
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 00270025
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 00270FE5
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 002700AC
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 00270FB9
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!WinExec 767FE739 5 Bytes JMP 00270F57
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 00270065
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_open 76907E48 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 008B002C
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!system 7693B16F 5 Bytes JMP 008B0011
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 008B0000
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 008B0FA1
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_wopen 76940570 5 Bytes JMP 008B0FD2
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 008A003D
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 008A0FA5
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 008A0FB6
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 008A0000
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 008A0F94
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 008A001B
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 008A002C
.text C:\Windows\system32\svchost.exe[1540] WS2_32.dll!socket 76C63F00 5 Bytes JMP 008C0FEF
.text C:\Windows\system32\svchost.exe[1628] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00330FE5
.text C:\Windows\system32\svchost.exe[1628] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00330FCA
.text C:\Windows\system32\svchost.exe[1628] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 0033000A
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 00320FA8
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 00320122
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 00320F8D
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 00320036
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 003200D1
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 00320FB9
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 00320091
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 00320076
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 0032000A
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 00320F72
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 00320FD4
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 0032005B
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 00320FEF
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 003200F6
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 00320025
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!WinExec 767FE739 5 Bytes JMP 00320107
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 003200B6
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_open 76907E48 5 Bytes JMP 00350000
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00350FA1
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!system 7693B16F 5 Bytes JMP 0035002C
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00350FC6
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 0035001B
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_wopen 76940570 5 Bytes JMP 00350FE3
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 0034000A
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00340FB9
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 00340036
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 00340F94
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 00340FE5
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 0034005B
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 0034001B
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00340FCA
.text C:\Windows\Explorer.EXE[1728] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 03F20FEF
.text C:\Windows\Explorer.EXE[1728] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 03F20014
.text C:\Windows\Explorer.EXE[1728] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 03F20FD4
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 039B0F57
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 039B0F17
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 039B00A2
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 039B0FB9
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 039B0080
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 039B0065
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 039B004A
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 039B002F
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 039B0FDE
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 039B00BD
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 039B0FA8
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 039B0F8D
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 039B0FEF
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 039B0091
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 039B0014
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!WinExec 767FE739 5 Bytes JMP 039B0F28
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 039B0F72
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 03F30FEF
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 03F30F9E
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 03F30F7C
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 03F30F8D
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 03F3000A
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 03F3002F
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 03F30FCA
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 03F30FAF
.text C:\Windows\Explorer.EXE[1728] msvcrt.dll!_open 76907E48 5 Bytes JMP 03F90000
.text C:\Windows\Explorer.EXE[1728] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 03F90FA1
.text C:\Windows\Explorer.EXE[1728] msvcrt.dll!system 7693B16F 5 Bytes JMP 03F90036
.text C:\Windows\Explorer.EXE[1728] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 03F90FBC
.text C:\Windows\Explorer.EXE[1728] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 03F9001B
.text C:\Windows\Explorer.EXE[1728] msvcrt.dll!_wopen 76940570 5 Bytes JMP 03F90FE3
.text C:\Windows\Explorer.EXE[1728] WS2_32.dll!socket 76C63F00 5 Bytes JMP 03FE000A
.text C:\Windows\Explorer.EXE[1728] WININET.dll!InternetOpenA 76617DC4 5 Bytes JMP 03F8000A
.text C:\Windows\Explorer.EXE[1728] WININET.dll!InternetOpenW 76619D40 5 Bytes JMP 03F8001B
.text C:\Windows\Explorer.EXE[1728] WININET.dll!InternetOpenUrlA 7661DBB8 5 Bytes JMP 03F80040
.text C:\Windows\Explorer.EXE[1728] WININET.dll!InternetOpenUrlW 7666E0EE 5 Bytes JMP 03F80FE5
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2316] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 6F7C99A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2316] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 6F7C9A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[2768] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00240000
.text C:\Windows\system32\svchost.exe[2768] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00240FD4
.text C:\Windows\system32\svchost.exe[2768] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00240FE5
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 002300AC
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 00230F57
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 00230F68
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 00230FC3
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 00230091
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 00230F9E
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 00230076
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 0023005B
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 00230F46
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 0023002F
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 0023004A
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 00230FEF
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 002300BD
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 00230FD4
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!WinExec 767FE739 5 Bytes JMP 002300D8
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 00230F8D
.text C:\Windows\system32\svchost.exe[2768] msvcrt.dll!_open 76907E48 5 Bytes JMP 00290FEF
.text C:\Windows\system32\svchost.exe[2768] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00290042
.text C:\Windows\system32\svchost.exe[2768] msvcrt.dll!system 7693B16F 5 Bytes JMP 00290031
.text C:\Windows\system32\svchost.exe[2768] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00290FC1
.text C:\Windows\system32\svchost.exe[2768] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 00290016
.text C:\Windows\system32\svchost.exe[2768] msvcrt.dll!_wopen 76940570 5 Bytes JMP 00290FD2
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 001D001B
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 001D0F8A
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 001D0036
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 001D0FE5
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 001D0F79
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 001D0FD4
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 001D0FB9
.text C:\Windows\system32\svchost.exe[2768] WS2_32.dll!socket 76C63F00 5 Bytes JMP 0042000A
.text C:\Windows\system32\svchost.exe[392] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00830FEF
.text C:\Windows\system32\svchost.exe[392] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 0083000A
.text C:\Windows\system32\svchost.exe[392] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00830FD4
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 00820FAC
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 00820F79
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 00820F8A
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 00820FDB
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 008200CB
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 008200A9
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 0082008E
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 00820073
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 00820011
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 0082011F
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 00820047
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 00820062
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 00820000
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 008200F0
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 0082002C
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!WinExec 767FE739 5 Bytes JMP 00820F9B
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 008200BA
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_open 76907E48 5 Bytes JMP 00850FEF
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00850FB9
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!system 7693B16F 5 Bytes JMP 00850044
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00850029
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 00850FD4
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_wopen 76940570 5 Bytes JMP 00850018
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 00840000
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00840FCA
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 00840F94
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 00840FAF
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 00840011
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 00840F79
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 00840FE5
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00840036
.text C:\Windows\system32\svchost.exe[392] WS2_32.dll!socket 76C63F00 5 Bytes JMP 008E000A
.text C:\Windows\system32\services.exe[540] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00950FEF
.text C:\Windows\system32\services.exe[540] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 0095001B
.text C:\Windows\system32\services.exe[540] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 0095000A
.text C:\Windows\system32\services.exe[540] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 000F0F50
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 000F0F13
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 000F0F24
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 000F0025
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 000F0079
.text C:\Windows\system32\services.exe[540] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 000F0F7C
.text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 000F0F8D
.text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 000F004A
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 000F0FE5
.text C:\Windows\system32\services.exe[540] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 000F00C3
.text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 000F0FB9
.text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 000F0FA8
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 000F0000
.text C:\Windows\system32\services.exe[540] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 000F0094
.text C:\Windows\system32\services.exe[540] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 000F0FD4
.text C:\Windows\system32\services.exe[540] kernel32.dll!WinExec 767FE739 5 Bytes JMP 000F0F3F
.text C:\Windows\system32\services.exe[540] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 000F0F6B
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_open 76907E48 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 009F0FB7
.text C:\Windows\system32\services.exe[540] msvcrt.dll!system 7693B16F 5 Bytes JMP 009F0042
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 009F0016
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 009F0031
.text C:\Windows\system32\services.exe[540] msvcrt.dll!_wopen 76940570 5 Bytes JMP 009F0FD2
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 009E000A
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 009E0F9E
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 009E0F72
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 009E0F83
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 009E0FEF
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 009E0039
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 009E0FD4
.text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 009E0FB9
.text C:\Windows\system32\services.exe[540] WS2_32.dll!socket 76C63F00 5 Bytes JMP 00A00000
.text C:\Windows\system32\lsass.exe[608] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 000D0000
.text C:\Windows\system32\lsass.exe[608] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 000D002C
.text C:\Windows\system32\lsass.exe[608] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 000D0011
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 000C0084
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 000C00DC
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 000C00C1
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 000C0025
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 000C0073
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 000C0058
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 000C0F8A
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 000C0FA5
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 000C0F36
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 000C0036
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 000C0047
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 000C000A
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 000C0095
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 000C0FD4
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!WinExec 767FE739 5 Bytes JMP 000C00A6
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 000C0F5B
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_open 76907E48 5 Bytes JMP 000F0000
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 000F0042
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!system 7693B16F 5 Bytes JMP 000F0FB7
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 000F001D
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 000F0FD2
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_wopen 76940570 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 000E0FEF
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 000E0036
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 000E0F94
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 000E0FA5
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 000E0014
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 000E0F79
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 000E0025
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 000E0FCA
.text C:\Windows\system32\lsass.exe[608] WS2_32.dll!socket 76C63F00 5 Bytes JMP 00630FEF
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00470000
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00470FCA
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00470FE5
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 003A0098
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 003A00B3
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 003A0F1E
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 003A0FB9
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 003A0087
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 003A0065
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 003A004A
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 003A0F8D
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 003A0FEF
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 003A0F0D
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 003A0FA8
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 003A002F
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 003A000A
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 003A0F54
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 003A0FD4
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!WinExec 767FE739 5 Bytes JMP 003A0F39
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 003A0076
.text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_open 76907E48 5 Bytes JMP 004A0000
.text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 004A0FB7
.text C:\Windows\system32\svchost.exe[708] msvcrt.dll!system 7693B16F 5 Bytes JMP 004A0038
.text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 004A001D
.text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 004A0FD2
.text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_wopen 76940570 5 Bytes JMP 004A0FE3
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 00480FEF
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00480039
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 00480F9E
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 0048004A
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 00480014
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 00480F83
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 00480FDE
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00480FCD
.text C:\Windows\system32\svchost.exe[708] WS2_32.dll!socket 76C63F00 5 Bytes JMP 00BB0FEF
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 002F0FEF
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 002F000A
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 002F0FD4
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 002E0F5E
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 002E0F0D
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 002E0F1E
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 002E002C
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 002E0F6F
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 002E0F8A
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 002E006C
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 002E0051
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 002E0011
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 002E00C7
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 002E0FB6
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 002E0FA5
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 002E0000
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 002E0F4D
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 002E0FDB
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!WinExec 767FE739 5 Bytes JMP 002E00A2
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 002E007D
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_open 76907E48 5 Bytes JMP 00310FE3
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00310F86
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!system 7693B16F 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00310FBC
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 00310FA1
.text C:\Windows\system32\svchost.exe[788] msvcrt.dll!_wopen 76940570 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 00300FEF
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00300FB2
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 0030004A
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 00300039
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 0030000A
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 00300F97
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 00300FDE
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00300FCD
.text C:\Windows\system32\svchost.exe[788] WS2_32.dll!socket 76C63F00 5 Bytes JMP 003E0FE5
.text C:\Windows\System32\svchost.exe[836] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00E50000
.text C:\Windows\System32\svchost.exe[836] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00E5002C
.text C:\Windows\System32\svchost.exe[836] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00E5001B
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 00D300B3
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 00D300E6
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 00D30F51
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 00D30040
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 00D300A2
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 00D30087
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 00D30076
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 00D30FAF
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 00D30FEF
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 00D30101
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 00D30FCA
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 00D30051
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 00D30000
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 00D300C4
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 00D30025
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!WinExec 767FE739 5 Bytes JMP 00D300D5
.text C:\Windows\System32\svchost.exe[836] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 00D30F8A
.text C:\Windows\System32\svchost.exe[836] msvcrt.dll!_open 76907E48 5 Bytes JMP 00F0000C
.text C:\Windows\System32\svchost.exe[836] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00F0004E
.text C:\Windows\System32\svchost.exe[836] msvcrt.dll!system 7693B16F 5 Bytes JMP 00F00FB9
.text C:\Windows\System32\svchost.exe[836] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00F00FEF
.text C:\Windows\System32\svchost.exe[836] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 00F00FDE
.text C:\Windows\System32\svchost.exe[836] msvcrt.dll!_wopen 76940570 5 Bytes JMP 00F0001D
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 00EF0FEF
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00EF0FC3
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 00EF0065
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 00EF0040
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 00EF000A
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 00EF0076
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 00EF0FD4
.text C:\Windows\System32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00EF002F
.text C:\Windows\System32\svchost.exe[836] WS2_32.dll!socket 76C63F00 5 Bytes JMP 00F90FEF
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 008C0FEF
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 008C002F
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 008C0014
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 00870F5A
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 008700D4
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 00870F49
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 0087001E
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 0087008D
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 00870F86
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 0087005E
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 0087004D
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 00870FDE
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 00870F24
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 00870FBC
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 00870FA1
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 00870FEF
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 008700A8
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 00870FCD
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!WinExec 767FE739 5 Bytes JMP 008700C3
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 00870F75
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_open 76907E48 5 Bytes JMP 00960FEF
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00960FB7
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!system 7693B16F 5 Bytes JMP 00960FC8
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 0096001D
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 00960038
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wopen 76940570 5 Bytes JMP 0096000C
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 008D0000
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 008D0FC0
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 008D0F94
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 008D0FA5
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 008D0011
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 008D0F83
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 008D0022
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 008D0FD1
.text C:\Windows\System32\svchost.exe[928] WS2_32.dll!socket 76C63F00 5 Bytes JMP 009B0FEF
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00D5000A
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00D50036
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00D5001B
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 00CE0F8A
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 00CE0F68
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 00CE00FD
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 00CE003D
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 00CE00B3
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 00CE0084
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 00CE0FB6
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 00CE0FC7
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 00CE0011
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 00CE0F57
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 00CE004E
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 00CE0069
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 00CE0000
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 00CE0F79
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 00CE0022
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!WinExec 767FE739 5 Bytes JMP 00CE00E2
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 00CE0F9B
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_open 76907E48 5 Bytes JMP 00DB0000
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00DB0075
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!system 7693B16F 5 Bytes JMP 00DB0064
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00DB002E
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 00DB003F
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_wopen 76940570 5 Bytes JMP 00DB001D
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 00D60FE5
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00D60F83
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 00D60F5E
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 00D6000A
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 00D60FCA
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 00D6001B
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 00D60FB9
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00D60FA8
.text C:\Windows\system32\svchost.exe[956] WS2_32.dll!socket 76C63F00 5 Bytes JMP 00DC0000
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00600FEF
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00600FC3
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00600FD4
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 004F0F51
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 004F0F1B
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 004F0F36
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 004F0FC0
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 004F0084
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 004F0F80
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 004F0058
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 004F0F9B
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 004F0000
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 004F0F0A
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 004F0022
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 004F0033
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 004F0FEF
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 004F009F
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 004F0011
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!WinExec 767FE739 5 Bytes JMP 004F00B0
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 004F0073
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_open 76907E48 5 Bytes JMP 00660000
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00660FB7
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!system 7693B16F 5 Bytes JMP 00660038
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00660FD2
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 00660027
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wopen 76940570 5 Bytes JMP 00660FE3
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 00610FEF
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00610036
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 00610F9E
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 00610FAF
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 00610FD4
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 00610F8D
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 00610014
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00610025
.text C:\Windows\system32\svchost.exe[1224] WS2_32.dll!socket 76C63F00 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00350000
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00350022
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00350011
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 001C0F4A
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 001C00B3
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 001C0098
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 001C0FC0
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 001C0073
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 001C0F76
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 001C004E
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 001C0F9B
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 001C0FDB
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 001C0F03
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 001C002C
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 001C003D
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 001C0F2F
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 001C001B
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!WinExec 767FE739 5 Bytes JMP 001C0F1E
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 001C0F65
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_open 76907E48 5 Bytes JMP 00370000
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00370FAD
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!system 7693B16F 5 Bytes JMP 00370FBE
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00370FE3
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 0037002E
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wopen 76940570 5 Bytes JMP 0037001D
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 0036000A
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00360FD4
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 00360FB9
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 0036005B
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 00360FEF
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 0036006C
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 00360025
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00360040
.text C:\Windows\system32\svchost.exe[1316] WS2_32.dll!socket 76C63F00 5 Bytes JMP 00800FEF
.text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00850FEF
.text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00850011
.text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00850000
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 0027009B
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 002700DB
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 00270F3C
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 00270014
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 0027008A
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 00270F72
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 00270F83
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 00270036
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 00270FCA
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 00270F2B
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 00270FA8
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 00270025
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 00270FE5
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 002700AC
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 00270FB9
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!WinExec 767FE739 5 Bytes JMP 00270F57
.text C:\Windows\system32\svchost.exe[1540] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 00270065
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_open 76907E48 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 008B002C
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!system 7693B16F 5 Bytes JMP 008B0011
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 008B0000
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 008B0FA1
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_wopen 76940570 5 Bytes JMP 008B0FD2
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 008A003D
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 008A0FA5
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 008A0FB6
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 008A0000
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 008A0F94
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 008A001B
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 008A002C
.text C:\Windows\system32\svchost.exe[1540] WS2_32.dll!socket 76C63F00 5 Bytes JMP 008C0FEF
.text C:\Windows\system32\svchost.exe[1628] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00330FE5
.text C:\Windows\system32\svchost.exe[1628] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00330FCA
.text C:\Windows\system32\svchost.exe[1628] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 0033000A
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 00320FA8
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 00320122
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 00320F8D
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 00320036
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 003200D1
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 00320FB9
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 00320091
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 00320076
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 0032000A
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 00320F72
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 00320FD4
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 0032005B
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 00320FEF
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 003200F6
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 00320025
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!WinExec 767FE739 5 Bytes JMP 00320107
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 003200B6
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_open 76907E48 5 Bytes JMP 00350000
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00350FA1
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!system 7693B16F 5 Bytes JMP 0035002C
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00350FC6
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 0035001B
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_wopen 76940570 5 Bytes JMP 00350FE3
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 0034000A
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 00340FB9
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 00340036
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 00340F94
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 00340FE5
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 0034005B
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 0034001B
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 00340FCA
.text C:\Windows\Explorer.EXE[1728] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 03F20FEF
.text C:\Windows\Explorer.EXE[1728] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 03F20014
.text C:\Windows\Explorer.EXE[1728] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 03F20FD4
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 039B0F57
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 039B0F17
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 039B00A2
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 039B0FB9
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 039B0080
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 039B0065
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 039B004A
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 039B002F
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 039B0FDE
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 039B00BD
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 039B0FA8
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 039B0F8D
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 039B0FEF
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 039B0091
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 039B0014
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!WinExec 767FE739 5 Bytes JMP 039B0F28
.text C:\Windows\Explorer.EXE[1728] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 039B0F72
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 03F30FEF
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 03F30F9E
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 03F30F7C
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 03F30F8D
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 03F3000A
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 03F3002F
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 03F30FCA
.text C:\Windows\Explorer.EXE[1728] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 03F30FAF
.text C:\Windows\Explorer.EXE[1728] msvcrt.dll!_open 76907E48 5 Bytes JMP 03F90000
.text C:\Windows\Explorer.EXE[1728] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 03F90FA1
.text C:\Windows\Explorer.EXE[1728] msvcrt.dll!system 7693B16F 5 Bytes JMP 03F90036
.text C:\Windows\Explorer.EXE[1728] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 03F90FBC
.text C:\Windows\Explorer.EXE[1728] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 03F9001B
.text C:\Windows\Explorer.EXE[1728] msvcrt.dll!_wopen 76940570 5 Bytes JMP 03F90FE3
.text C:\Windows\Explorer.EXE[1728] WS2_32.dll!socket 76C63F00 5 Bytes JMP 03FE000A
.text C:\Windows\Explorer.EXE[1728] WININET.dll!InternetOpenA 76617DC4 5 Bytes JMP 03F8000A
.text C:\Windows\Explorer.EXE[1728] WININET.dll!InternetOpenW 76619D40 5 Bytes JMP 03F8001B
.text C:\Windows\Explorer.EXE[1728] WININET.dll!InternetOpenUrlA 7661DBB8 5 Bytes JMP 03F80040
.text C:\Windows\Explorer.EXE[1728] WININET.dll!InternetOpenUrlW 7666E0EE 5 Bytes JMP 03F80FE5
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2316] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 6F7C99A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2316] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 6F7C9A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[2768] ntdll.dll!NtCreateFile 77AD4870 5 Bytes JMP 00240000
.text C:\Windows\system32\svchost.exe[2768] ntdll.dll!NtCreateProcess 77AD4940 5 Bytes JMP 00240FD4
.text C:\Windows\system32\svchost.exe[2768] ntdll.dll!NtProtectVirtualMemory 77AD51C0 5 Bytes JMP 00240FE5
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!GetStartupInfoA 76771DF0 5 Bytes JMP 002300AC
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!CreateProcessW 7677202D 5 Bytes JMP 00230F57
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!CreateProcessA 76772062 5 Bytes JMP 00230F68
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!CreateNamedPipeW 767A1FEE 5 Bytes JMP 00230FC3
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!CreatePipe 767A4AAB 5 Bytes JMP 00230091
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!VirtualProtect 767B50CB 5 Bytes JMP 00230F9E
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!LoadLibraryExW 767BB647 5 Bytes JMP 00230076
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!LoadLibraryExA 767BBC13 5 Bytes JMP 0023005B
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!CreateFileW 767C0AFD 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!GetProcAddress 767C17D7 5 Bytes JMP 00230F46
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!LoadLibraryA 767C2804 5 Bytes JMP 0023002F
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!LoadLibraryW 767C2852 5 Bytes JMP 0023004A
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!CreateFileA 767C289C 5 Bytes JMP 00230FEF
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!GetStartupInfoW 767C7C55 5 Bytes JMP 002300BD
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!CreateNamedPipeA 767FD577 5 Bytes JMP 00230FD4
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!WinExec 767FE739 5 Bytes JMP 002300D8
.text C:\Windows\system32\svchost.exe[2768] kernel32.dll!VirtualProtectEx 767FF6F1 5 Bytes JMP 00230F8D
.text C:\Windows\system32\svchost.exe[2768] msvcrt.dll!_open 76907E48 5 Bytes JMP 00290FEF
.text C:\Windows\system32\svchost.exe[2768] msvcrt.dll!_wsystem 7693B04F 5 Bytes JMP 00290042
.text C:\Windows\system32\svchost.exe[2768] msvcrt.dll!system 7693B16F 5 Bytes JMP 00290031
.text C:\Windows\system32\svchost.exe[2768] msvcrt.dll!_creat 7693ED29 5 Bytes JMP 00290FC1
.text C:\Windows\system32\svchost.exe[2768] msvcrt.dll!_wcreat 7694038E 5 Bytes JMP 00290016
.text C:\Windows\system32\svchost.exe[2768] msvcrt.dll!_wopen 76940570 5 Bytes JMP 00290FD2
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegOpenKeyA 75FCD2ED 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegCreateKeyA 75FCD3C1 5 Bytes JMP 001D001B
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegCreateKeyExA 75FD1B71 5 Bytes JMP 001D0F8A
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegCreateKeyW 75FD1CC0 5 Bytes JMP 001D0036
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegOpenKeyW 75FD3129 5 Bytes JMP 001D0FE5
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegCreateKeyExW 75FDB946 5 Bytes JMP 001D0F79
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegOpenKeyExA 75FDBC0D 5 Bytes JMP 001D0FD4
.text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!RegOpenKeyExW 75FDBEC4 5 Bytes JMP 001D0FB9
.text C:\Windows\system32\svchost.exe[2768] WS2_32.dll!socket 76C63F00 5 Bytes JMP 0042000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\mfevtps.exe[768] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0084A510] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\system32\rundll32.exe[1892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1892] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1892] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\mfevtps.exe[768] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0084A510] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3944] @ C:\Windows\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3944] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3944] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3944] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3944] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3944] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1892] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1892] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3944] @ C:\Windows\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3944] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3944] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3944] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3944] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3944] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75B35E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#9 Broni

Posted 25 September 2011 - 10:11 AM

Re-run MiniToolbox.

Checkmark the following boxes:
  • Flush DNS
  • Reset IE Proxy Settings
Click Go and post the result.

Restart computer.

Re-run MiniToolbox.

Checkmark the following boxes:
  • Report IE Proxy Settings
Click Go and post the result.

#10 coolman20610

Posted 25 September 2011 - 10:14 AM

MiniToolBox by Farbar
Ran by Kacey Joaquim (administrator) on 25-09-2011 at 11:14:18
Windows 7 Starter (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

**** End of log ****

#11 coolman20610

Posted 25 September 2011 - 10:21 AM

MiniToolBox by Farbar
Ran by Kacey Joaquim (administrator) on 25-09-2011 at 11:20:25
Windows 7 Starter (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

**** End of log ****

#12 coolman20610

Posted 25 September 2011 - 10:22 AM

Does my using Google Chrome affect anything here? I just keep seeing "IE" and I'm assuming that means Internet Explorer? I'm really sorry if it does; I should have mentioned that earlier.

#13 Broni

Posted 25 September 2011 - 10:24 AM

Is it Google Chrome that is actually getting redirected?

Edited by Broni, 25 September 2011 - 10:24 AM.

#14 coolman20610

Posted 25 September 2011 - 10:26 AM

Only when I click a link on a search engine. I go to google.ca, and it redirects me somewhere else.

#15 Broni

Posted 25 September 2011 - 10:33 AM

Can you check if Internet Explorer does the same thing?
