
Google redirect problem with other issues


  • This topic is locked
2 replies to this topic

#1 mpeagan


Posted 02 December 2011 - 09:01 AM

What started off as just Google searches being redirected has now become a problem of slow boot up and my mouse pointer disappears at times. I could really use some help. I need this computer to look for work having been laid off last month. Thanks in advance.

dds

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Owner at 13:14:46 on 2011-11-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2431.1861 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: H - No File
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6253\SiteAdv.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111111072152.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6253\SiteAdv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Autodesk Map REGMAP] regsvr32 /u /s "d:\program files\autodesk land desktop 2006\RegMap.dll"
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5}
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{FD42E904-7835-4A59-8862-43DA759D1FFF} : DhcpNameServer = 68.87.68.166 68.87.74.166
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6253\SiteAdv.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-5-16 464176]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-11-21 89792]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-21 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-21 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-21 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-21 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-21 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-21 150856]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-21 57600]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-5-16 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-5-16 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-21 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-21 83856]
S3 cpuz134;cpuz134;\??\c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-21 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-21 87656]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-5-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-5-16 40552]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-11-28 20:44:27 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-24 03:15:24 -------- d-----w- c:\documents and settings\all users\application data\Citrix
2011-11-24 03:09:28 -------- d-----w- c:\program files\Citrix
2011-11-24 03:09:18 -------- d-----w- c:\documents and settings\owner\local settings\application data\Citrix
2011-11-21 21:47:15 -------- d-----w- c:\program files\iPod
2011-11-16 22:35:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-16 22:35:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-14 18:49:48 -------- d-----w- c:\program files\Bonjour
2011-11-11 14:38:48 -------- d-sha-r- C:\cmdcons
2011-11-11 14:36:09 98816 ----a-w- c:\windows\sed.exe
2011-11-11 14:36:09 518144 ----a-w- c:\windows\SWREG.exe
2011-11-11 14:36:09 256000 ----a-w- c:\windows\PEV.exe
2011-11-11 14:36:09 208896 ----a-w- c:\windows\MBR.exe
2011-11-09 18:30:01 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-11-09 14:15:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-11-09 14:15:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-11-09 14:15:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-11-09 14:15:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-11-09 14:15:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-11-09 14:15:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-11-09 14:15:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-11-08 15:56:48 -------- d-----w- c:\documents and settings\owner\application data\McAFee TechCheck
2011-11-08 15:54:42 -------- d-----w- c:\windows\40F8FD5F470148D6A8FC1F188007DF38.TMP
2011-11-08 15:54:09 -------- d-----w- c:\documents and settings\owner\application data\TechCheck
2011-11-08 15:09:16 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-08 15:09:14 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-08 15:08:29 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-11-08 14:47:42 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-11-07 18:53:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 19:32:30 150856 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-15 18:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 18:16:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-15 18:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 18:16:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-15 18:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 18:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 18:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 18:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 18:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 18:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:16:12.23 ===============


GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-30 19:06:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3200827A rev.3.AAE
Running: uz817k86.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pgliqpow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9E734C0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9E734D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9E73500]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9E73556]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9E734AC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9E73484]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9E73498]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9E734EA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9E7352C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9E73516]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9E73580]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9E7356C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9E73540]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050225C 7 Bytes JMP B9E73544 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A75C4 7 Bytes JMP B9E7355A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A83DA 5 Bytes JMP B9E73570 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805B6114 3 Bytes JMP B9E73530 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject + 4 805B6118 1 Byte [39]
PAGE ntkrnlpa.exe!NtOpenProcess 805C13F8 5 Bytes JMP B9E73488 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C1684 5 Bytes JMP B9E7349C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8DA6 5 Bytes JMP B9E73584 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 8061925E 7 Bytes JMP B9E7351A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 8061A70E 7 Bytes JMP B9E734EE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061ACEC 5 Bytes JMP B9E734C4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061B188 7 Bytes JMP B9E734D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061B358 7 Bytes JMP B9E73504 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061C0CA 5 Bytes JMP B9E734B0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8EC6360, 0x1FE48D, 0xE8000020]
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A30062
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A30014
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A30FDE
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A30051
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A30036
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A30FAF
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A20FAF
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A20FCA
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A2000C
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A2003A
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A2001D
.text C:\WINDOWS\system32\svchost.exe[1280] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\System32\svchost.exe[1400] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01E70000
.text C:\WINDOWS\System32\svchost.exe[1400] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01E70025
.text C:\WINDOWS\System32\svchost.exe[1400] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01E70FE5
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01F90FEF
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01F90F6B
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01F90F7C
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01F90F8D
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01F90F9E
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01F90FB9
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01F9007B
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01F90F3F
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01F900A7
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01F90F0E
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01F900C2
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01F90040
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01F90FD4
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01F90F5A
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01F90025
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01F9000A
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01F90096
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01F80FCA
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01F8006C
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01F8001B
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01F8000A
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01F8005B
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01F80FEF
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01F80FB9
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [18, 8A]
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01F80040
.text C:\WINDOWS\System32\svchost.exe[1400] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01F70038
.text C:\WINDOWS\System32\svchost.exe[1400] msvcrt.dll!system 77C293C7 5 Bytes JMP 01F70027
.text C:\WINDOWS\System32\svchost.exe[1400] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01F70FD2
.text C:\WINDOWS\System32\svchost.exe[1400] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01F70FEF
.text C:\WINDOWS\System32\svchost.exe[1400] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01F70FC1
.text C:\WINDOWS\System32\svchost.exe[1400] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01F70000
.text C:\WINDOWS\System32\svchost.exe[1400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01EA0FEF
.text C:\WINDOWS\System32\svchost.exe[1400] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01E90FEF
.text C:\WINDOWS\System32\svchost.exe[1400] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01E9000A
.text C:\WINDOWS\System32\svchost.exe[1400] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01E9001B
.text C:\WINDOWS\System32\svchost.exe[1400] WININET.dll!InternetOpenUrlW 3D9984A1 5 Bytes JMP 01E9002C
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0063002C
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0063001B
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0074000A
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0074006C
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00740F6D
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00740F7E
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0074003D
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00740FAF
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007400A9
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00740098
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007400DF
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007400C4
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007400FA
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0074002C
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0074001B
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0074007D
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00740FCA
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00740FDB
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00740F46
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660025
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0066006C
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00660FD4
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00660FEF
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0066005B
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0066004A
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00660FC3
.text C:\WINDOWS\system32\svchost.exe[1456] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0065004E
.text C:\WINDOWS\system32\svchost.exe[1456] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650FC3
.text C:\WINDOWS\system32\svchost.exe[1456] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00650033
.text C:\WINDOWS\system32\svchost.exe[1456] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1456] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00650FD4
.text C:\WINDOWS\system32\svchost.exe[1456] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650018
.text C:\WINDOWS\system32\svchost.exe[1456] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00990000
.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00990FDB
.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099001B
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009D007D
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009D0062
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009D0F94
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009D0051
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009D0025
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009D0F46
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009D0F63
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009D00D8
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009D00BD
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009D00E9
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009D0036
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009D0000
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009D008E
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009D0FB9
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009D0FCA
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009D0F35
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009C0047
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009C0FCA
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009C0036
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009C001B
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009C007D
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009C0FDB
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BC, 88]
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009C0062
.text C:\WINDOWS\system32\svchost.exe[1728] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009B004E
.text C:\WINDOWS\system32\svchost.exe[1728] msvcrt.dll!system 77C293C7 5 Bytes JMP 009B0FB9
.text C:\WINDOWS\system32\svchost.exe[1728] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009B0029
.text C:\WINDOWS\system32\svchost.exe[1728] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009B000C
.text C:\WINDOWS\system32\svchost.exe[1728] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009B0FD4
.text C:\WINDOWS\system32\svchost.exe[1728] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\system32\svchost.exe[1728] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00900014
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00900FD4
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC00B3
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0FBE
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0098
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0087
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0051
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC0F92
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC00CE
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC012B
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0106
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC013C
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0076
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC0FA3
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0040
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC001B
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC00F5
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB002C
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB006C
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB0FDB
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB0011
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB0FAF
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BB0FC0
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DB, 88]
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB003D
.text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00930F9C
.text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!system 77C293C7 5 Bytes JMP 00930031
.text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00930FD2
.text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00930FB7
.text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1936] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00910FE5
.text C:\WINDOWS\system32\svchost.exe[1936] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00910FD4
.text C:\WINDOWS\system32\svchost.exe[1936] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 0091000A
.text C:\WINDOWS\system32\svchost.exe[1936] WININET.dll!InternetOpenUrlW 3D9984A1 5 Bytes JMP 00910FC3
.text C:\WINDOWS\system32\svchost.exe[1936] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00920FEF
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FE5
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0015001B
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150000
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FE5
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F57
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F68
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270040
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270F8D
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0027002F
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F28
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0027007A
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0027009F
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F06
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270EEB
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270F9E
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0027000A
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0027005D
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FC3
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FD4
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F17
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] MSVCRT.DLL!_wsystem 77C2931E 5 Bytes JMP 00360044
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] MSVCRT.DLL!system 77C293C7 5 Bytes JMP 00360FB9
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] MSVCRT.DLL!_creat 77C2D40F 5 Bytes JMP 00360FD4
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] MSVCRT.DLL!_open 77C2F566 5 Bytes JMP 00360FEF
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] MSVCRT.DLL!_wcreat 77C2FC9B 5 Bytes JMP 00360029
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] MSVCRT.DLL!_wopen 77C30055 5 Bytes JMP 0036000C
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] ADVAPI32.DLL!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00370036
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] ADVAPI32.DLL!RegCreateKeyExW 77DD776C 5 Bytes JMP 0037007D
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] ADVAPI32.DLL!RegOpenKeyExA 77DD7852 5 Bytes JMP 00370025
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] ADVAPI32.DLL!RegOpenKeyW 77DD7946 5 Bytes JMP 0037000A
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] ADVAPI32.DLL!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00370FC0
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] ADVAPI32.DLL!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00370FEF
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] ADVAPI32.DLL!RegCreateKeyW 77DFBA55 5 Bytes JMP 00370062
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] ADVAPI32.DLL!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00370047
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] WS2_32.dll!socket 71AB4211 5 Bytes JMP 004C0FEF
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01B80000
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01B80FE5
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01B80011
.text C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE[2268] WININET.dll!InternetOpenUrlW 3D9984A1 5 Bytes JMP 01B8002C
.text C:\WINDOWS\Explorer.EXE[2848] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FEF
.text C:\WINDOWS\Explorer.EXE[2848] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FC0
.text C:\WINDOWS\Explorer.EXE[2848] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090000
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0FA1
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0FBC
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0FCD
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0080
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0065
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00F3
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B00CC
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0126
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0115
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F68
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B000A
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B00BB
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B004A
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B002F
.text C:\WINDOWS\Explorer.EXE[2848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0104
.text C:\WINDOWS\Explorer.EXE[2848] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A002C
.text C:\WINDOWS\Explorer.EXE[2848] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0F94
.text C:\WINDOWS\Explorer.EXE[2848] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0011
.text C:\WINDOWS\Explorer.EXE[2848] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0000
.text C:\WINDOWS\Explorer.EXE[2848] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0FAF
.text C:\WINDOWS\Explorer.EXE[2848] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FE5
.text C:\WINDOWS\Explorer.EXE[2848] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002A0051
.text C:\WINDOWS\Explorer.EXE[2848] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0FCA
.text C:\WINDOWS\Explorer.EXE[2848] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B0F88
.text C:\WINDOWS\Explorer.EXE[2848] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B001D
.text C:\WINDOWS\Explorer.EXE[2848] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B0FC8
.text C:\WINDOWS\Explorer.EXE[2848] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0000
.text C:\WINDOWS\Explorer.EXE[2848] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B0FAD
.text C:\WINDOWS\Explorer.EXE[2848] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0FE3
.text C:\WINDOWS\Explorer.EXE[2848] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 003E0FE5
.text C:\WINDOWS\Explorer.EXE[2848] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 003E0FD4
.text C:\WINDOWS\Explorer.EXE[2848] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 003E000A
.text C:\WINDOWS\Explorer.EXE[2848] WININET.dll!InternetOpenUrlW 3D9984A1 5 Bytes JMP 003E0025
.text C:\WINDOWS\Explorer.EXE[2848] WS2_32.dll!socket 71AB4211 5 Bytes JMP 014A0FE5
.text C:\WINDOWS\System32\svchost.exe[3760] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
.text C:\WINDOWS\System32\svchost.exe[3760] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FD4
.text C:\WINDOWS\System32\svchost.exe[3760] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FE5
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0054
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F69
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F7A
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F97
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FC3
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B007B
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F33
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0EF6
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F07
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00A0
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0FA8
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B001B
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F44
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\System32\svchost.exe[3760] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F22
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A001B
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A004A
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FCA
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0F83
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A000A
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0F9E
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
.text C:\WINDOWS\System32\svchost.exe[3760] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0FAF
.text C:\WINDOWS\System32\svchost.exe[3760] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003F0FB7
.text C:\WINDOWS\System32\svchost.exe[3760] msvcrt.dll!system 77C293C7 5 Bytes JMP 003F0FC8
.text C:\WINDOWS\System32\svchost.exe[3760] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003F001D
.text C:\WINDOWS\System32\svchost.exe[3760] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003F000C
.text C:\WINDOWS\System32\svchost.exe[3760] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003F0038
.text C:\WINDOWS\System32\svchost.exe[3760] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003F0FE3
.text C:\WINDOWS\System32\svchost.exe[3760] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009C000A
.text C:\WINDOWS\Explorer.EXE[3780] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0009000A
.text C:\WINDOWS\Explorer.EXE[3780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0009001B
.text C:\WINDOWS\Explorer.EXE[3780] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FEF
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B000A
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F92
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0FA3
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B007D
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0FC0
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0047
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00D0
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B00B3
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00FC
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00EB
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0117
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0058
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B001B
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0098
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B002C
.text C:\WINDOWS\Explorer.EXE[3780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F6D
.text C:\WINDOWS\Explorer.EXE[3780] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\Explorer.EXE[3780] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0040
.text C:\WINDOWS\Explorer.EXE[3780] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FD4
.text C:\WINDOWS\Explorer.EXE[3780] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\Explorer.EXE[3780] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0F83
.text C:\WINDOWS\Explorer.EXE[3780] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A000A
.text C:\WINDOWS\Explorer.EXE[3780] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002A0025
.text C:\WINDOWS\Explorer.EXE[3780] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0FA8
.text C:\WINDOWS\Explorer.EXE[3780] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B0F9C
.text C:\WINDOWS\Explorer.EXE[3780] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B0FAD
.text C:\WINDOWS\Explorer.EXE[3780] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B0FC8
.text C:\WINDOWS\Explorer.EXE[3780] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0000
.text C:\WINDOWS\Explorer.EXE[3780] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B0027
.text C:\WINDOWS\Explorer.EXE[3780] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0FE3
.text C:\WINDOWS\Explorer.EXE[3780] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\Explorer.EXE[3780] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 003E000A
.text C:\WINDOWS\Explorer.EXE[3780] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 003E001B
.text C:\WINDOWS\Explorer.EXE[3780] WININET.dll!InternetOpenUrlW 3D9984A1 5 Bytes JMP 003E0FCA
.text C:\WINDOWS\Explorer.EXE[3780] ws2_32.dll!socket 71AB4211 5 Bytes JMP 003B0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\AcSignIcon.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2848] 0x60C60000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2848] 0x60D00000

---- EOF - GMER 1.0.15 ----

#2 HelpBot

Posted 07 December 2011 - 09:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430367 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

Posted 12 December 2011 - 09:16 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



