Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Searches keep getting redirected


  • This topic is locked This topic is locked
4 replies to this topic

#1 Lorric

Lorric

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 02 December 2011 - 12:48 PM

Hello. All of my searches are getting redirected to either advertisements or lists of other searches that are not related to my original one. I have followed the steps to enable someone to help me. When I try to cut and paste to this forum it is saying that the post is too long. I will try to break it up in thirds.
Any help is greatly appreciated! I need to do searches for my job but cannot do them because of this issue.
Thanks SO much!
Lorri

NOTE: On the original GMER screen (before I saved it) there is one line in red that is not showing up on the below paste. It reads:
Module (noname) (***hidden***) 906F5000-90716000 (135168 bytes)
____________________________________________________________

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-02 12:33:51
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925041 rev.0004
Running: 9bx53gw2.exe; Driver: C:\Users\Lorri\AppData\Local\Temp\pgloapob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8B9A6498]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8B9A64C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8B9A64AE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8B9A6484]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 832335C5 5 Bytes JMP 8B9A6488 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKey + 13D1 83245349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8327ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!NtMapViewOfSection 8344E43A 7 Bytes JMP 8B9A649C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 83462A65 5 Bytes JMP 8B9A64C6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8346C6E2 5 Bytes JMP 8B9A64B2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? C:\Users\Lorri\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[112] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 6DB399A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[112] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 6DB39A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\System32\svchost.exe[372] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00230000
.text C:\Windows\System32\svchost.exe[372] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 00230022
.text C:\Windows\System32\svchost.exe[372] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 00230011
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 001E0F4D
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 001E00AC
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 001E009B
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 001E0FC0
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 001E006C
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 001E005B
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 001E0F94
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 001E0EFC
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 001E002C
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 001E0F32
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 001E0FE5
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 001E0000
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 001E0FAF
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 001E0F5E
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 001E001B
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 001E0F21
.text C:\Windows\System32\svchost.exe[372] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 001E0F79
.text C:\Windows\System32\svchost.exe[372] msvcrt.dll!_open 75F07E48 5 Bytes JMP 00240000
.text C:\Windows\System32\svchost.exe[372] msvcrt.dll!_wsystem 75F3B04F 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[372] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 00240053
.text C:\Windows\System32\svchost.exe[372] msvcrt.dll!system 75F3B16F 5 Bytes JMP 00240FC8
.text C:\Windows\System32\svchost.exe[372] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 00240027
.text C:\Windows\System32\svchost.exe[372] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 00240038
.text C:\Windows\System32\svchost.exe[372] msvcrt.dll!_wopen 75F40570 3 Bytes JMP 00240FE3
.text C:\Windows\System32\svchost.exe[372] msvcrt.dll!_wopen + 4 75F40574 1 Byte [8A]
.text C:\Windows\System32\svchost.exe[372] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 00260000
.text C:\Windows\System32\svchost.exe[372] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 00260FAF
.text C:\Windows\System32\svchost.exe[372] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 00260F83
.text C:\Windows\System32\svchost.exe[372] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 00260F94
.text C:\Windows\System32\svchost.exe[372] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 00260FE5
.text C:\Windows\System32\svchost.exe[372] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 00260F72
.text C:\Windows\System32\svchost.exe[372] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 00260FC0
.text C:\Windows\System32\svchost.exe[372] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 0026001B
.text C:\Windows\System32\svchost.exe[372] WS2_32.dll!socket 76753EB8 5 Bytes JMP 00250FE5
.text C:\Windows\System32\svchost.exe[372] WININET.dll!InternetOpenA 769F4E33 5 Bytes JMP 00270FE5
.text C:\Windows\System32\svchost.exe[372] WININET.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 0027000A
.text C:\Windows\System32\svchost.exe[372] WININET.dll!InternetOpenW 76A2C02E 5 Bytes JMP 00270FD4
.text C:\Windows\System32\svchost.exe[372] WININET.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 00270025
.text C:\Windows\system32\svchost.exe[496] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00330000
.text C:\Windows\system32\svchost.exe[496] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 0033001B
.text C:\Windows\system32\svchost.exe[496] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 00330FE5
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 00260F46
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 002600A5
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 00260F10
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 00260FC3
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 0026006F
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 0026004A
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00260F8D
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 00260EF5
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00260FA8
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 00260F35
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 0026000A
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 00260FEF
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 0026002F
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 00260F57
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 00260FD4
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 00260094
.text C:\Windows\system32\svchost.exe[496] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 00260F72
.text C:\Windows\system32\svchost.exe[496] msvcrt.dll!_open 75F07E48 5 Bytes JMP 00480000
.text C:\Windows\system32\svchost.exe[496] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 0048007A
.text C:\Windows\system32\svchost.exe[496] msvcrt.dll!system 75F3B16F 5 Bytes JMP 00480069
.text C:\Windows\system32\svchost.exe[496] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 00480029
.text C:\Windows\system32\svchost.exe[496] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 0048004E
.text C:\Windows\system32\svchost.exe[496] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 00480FEF
.text C:\Windows\system32\svchost.exe[496] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 00490000
.text C:\Windows\system32\svchost.exe[496] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 00490022
.text C:\Windows\system32\svchost.exe[496] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 00490F91
.text C:\Windows\system32\svchost.exe[496] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 00490033
.text C:\Windows\system32\svchost.exe[496] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 00490FE5
.text C:\Windows\system32\svchost.exe[496] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 00490058
.text C:\Windows\system32\svchost.exe[496] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 00490011
.text C:\Windows\system32\svchost.exe[496] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 00490FC0
.text C:\Windows\system32\services.exe[588] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 001A000A
.text C:\Windows\system32\services.exe[588] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 001A0FDE
.text C:\Windows\system32\services.exe[588] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\services.exe[588] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 00640058
.text C:\Windows\system32\services.exe[588] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 006400A9
.text C:\Windows\system32\services.exe[588] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 00640F14
.text C:\Windows\system32\services.exe[588] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 0064000A
.text C:\Windows\system32\services.exe[588] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 00640F5E
.text C:\Windows\system32\services.exe[588] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00640F83
.text C:\Windows\system32\services.exe[588] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00640036
.text C:\Windows\system32\services.exe[588] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 00640EF9
.text C:\Windows\system32\services.exe[588] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00640F94
.text C:\Windows\system32\services.exe[588] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 00640073
.text C:\Windows\system32\services.exe[588] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 00640FD4
.text C:\Windows\system32\services.exe[588] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 00640FEF
.text C:\Windows\system32\services.exe[588] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 0064001B
.text C:\Windows\system32\services.exe[588] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 00640F2F
.text C:\Windows\system32\services.exe[588] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 00640FB9
.text C:\Windows\system32\services.exe[588] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 0064008E
.text C:\Windows\system32\services.exe[588] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 00640047
.text C:\Windows\system32\services.exe[588] msvcrt.dll!_open 75F07E48 5 Bytes JMP 002C0000
.text C:\Windows\system32\services.exe[588] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 002C0F9C
.text C:\Windows\system32\services.exe[588] msvcrt.dll!system 75F3B16F 5 Bytes JMP 002C0FAD
.text C:\Windows\system32\services.exe[588] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 002C001D
.text C:\Windows\system32\services.exe[588] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 002C0FC8
.text C:\Windows\system32\services.exe[588] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 002C0FE3
.text C:\Windows\system32\services.exe[588] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 00A60000
.text C:\Windows\system32\services.exe[588] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 00A60062
.text C:\Windows\system32\services.exe[588] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 00A60FDB
.text C:\Windows\system32\services.exe[588] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 00A60073
.text C:\Windows\system32\services.exe[588] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 00A6001B
.text C:\Windows\system32\services.exe[588] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 00A60FB6
.text C:\Windows\system32\services.exe[588] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 00A60047
.text C:\Windows\system32\services.exe[588] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 00A60036
.text C:\Windows\system32\services.exe[588] WS2_32.dll!socket 76753EB8 5 Bytes JMP 00A50000
.text C:\Windows\system32\services.exe[588] WININET.dll!InternetOpenA 769F4E33 5 Bytes JMP 00A70000
.text C:\Windows\system32\services.exe[588] WININET.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 00A70FD4
.text C:\Windows\system32\services.exe[588] WININET.dll!InternetOpenW 76A2C02E 5 Bytes JMP 00A70FEF
.text C:\Windows\system32\services.exe[588] WININET.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 00A70FB9
.text C:\Windows\system32\lsass.exe[604] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 000F0FE5
.text C:\Windows\system32\lsass.exe[604] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 000F0FB9
.text C:\Windows\system32\lsass.exe[604] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 000F0FD4
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 00110F5A
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 001100D4
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 001100B9
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 0011002F
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 00110F90
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00110FB2
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00110FA1
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 00110F24
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00110FC3
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 0011009E
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 00110FE5
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 00110000
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 00110054
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 00110F75
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 00110FD4
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 00110F3F
.text C:\Windows\system32\lsass.exe[604] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 00110079
.text C:\Windows\system32\lsass.exe[604] msvcrt.dll!_open 75F07E48 5 Bytes JMP 00100000
.text C:\Windows\system32\lsass.exe[604] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 0010002C
.text C:\Windows\system32\lsass.exe[604] msvcrt.dll!system 75F3B16F 5 Bytes JMP 00100FA1
bytes)

BC AdBot (Login to Remove)

 


#2 Lorric

Lorric
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 02 December 2011 - 12:50 PM

.text C:\Windows\system32\lsass.exe[604] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 00100FBC
.text C:\Windows\system32\lsass.exe[604] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 00100011
.text C:\Windows\system32\lsass.exe[604] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 00100FD7
.text C:\Windows\system32\lsass.exe[604] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 006E0FE5
.text C:\Windows\system32\lsass.exe[604] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 006E0FB2
.text C:\Windows\system32\lsass.exe[604] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 006E0F97
.text C:\Windows\system32\lsass.exe[604] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 006E0039
.text C:\Windows\system32\lsass.exe[604] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 006E000A
.text C:\Windows\system32\lsass.exe[604] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 006E0054
.text C:\Windows\system32\lsass.exe[604] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 006E0FC3
.text C:\Windows\system32\lsass.exe[604] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 006E0FD4
.text C:\Windows\system32\lsass.exe[604] WS2_32.dll!socket 76753EB8 5 Bytes JMP 00120000
.text C:\Windows\system32\lsass.exe[604] WININET.dll!InternetOpenA 769F4E33 5 Bytes JMP 00730FE5
.text C:\Windows\system32\lsass.exe[604] WININET.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 00730FD4
.text C:\Windows\system32\lsass.exe[604] WININET.dll!InternetOpenW 76A2C02E 5 Bytes JMP 00730000
.text C:\Windows\system32\lsass.exe[604] WININET.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 00730FB9
.text C:\Windows\system32\svchost.exe[768] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00370FEF
.text C:\Windows\system32\svchost.exe[768] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 00370000
.text C:\Windows\system32\svchost.exe[768] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 00370FD4
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 003D0F32
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 003D00BD
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 003D00AC
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 003D0FD4
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 003D0F79
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 003D0F9E
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 003D0051
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 003D00D8
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 003D0FC3
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 003D0076
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 003D001B
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 003D0000
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 003D0040
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 003D0F57
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 003D0FE5
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 003D0087
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 003D0F68
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_open 75F07E48 5 Bytes JMP 003C0FEF
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 003C0FAD
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!system 75F3B16F 5 Bytes JMP 003C002E
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 003C001D
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 003C0FC8
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 003C0000
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 00660FEF
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 00660F9E
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 0066004A
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 0066002F
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 0066000A
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 00660F8D
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 00660FAF
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 00660FCA
.text C:\Windows\system32\svchost.exe[768] WS2_32.dll!socket 76753EB8 5 Bytes JMP 00650FEF
.text C:\Windows\system32\svchost.exe[844] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00300000
.text C:\Windows\system32\svchost.exe[844] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 00300FE5
.text C:\Windows\system32\svchost.exe[844] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 0030001B
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 00320F7C
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 00320F35
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 00320F46
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 00320036
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 00320080
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00320FB9
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00320FA8
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 00320F1A
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 0032005B
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 003200C0
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 00320FEF
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 0032000A
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 00320FD4
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 00320F8D
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 00320025
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 00320F61
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 0032009B
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_open 75F07E48 5 Bytes JMP 00310FEF
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 00310F81
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!system 75F3B16F 5 Bytes JMP 0031000C
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 00310FC1
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 00310FA6
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 00310FD2
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 003C0FEF
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 003C0FAB
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 003C0F90
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 003C0032
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 003C0FDE
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 003C0F75
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 003C0FBC
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 003C0FCD
.text C:\Windows\system32\svchost.exe[844] WS2_32.dll!socket 76753EB8 5 Bytes JMP 00370000
.text C:\Windows\system32\svchost.exe[844] WININET.dll!InternetOpenA 769F4E33 5 Bytes JMP 003D0FEF
.text C:\Windows\system32\svchost.exe[844] WININET.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 003D0FC3
.text C:\Windows\system32\svchost.exe[844] WININET.dll!InternetOpenW 76A2C02E 5 Bytes JMP 003D0FD4
.text C:\Windows\system32\svchost.exe[844] WININET.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 003D0014
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00640FEF
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 00640014
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 00640FDE
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 0070008E
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 007000DF
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 00700F40
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 00700011
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 00700062
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00700F94
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00700047
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 00700F2F
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00700FAF
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 0070009F
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 00700FD4
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 00700FE5
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 00700036
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 0070007D
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 00700000
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 007000B0
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 00700F6F
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_open 75F07E48 5 Bytes JMP 006F0000
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 006F005A
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!system 75F3B16F 5 Bytes JMP 006F0FCF
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 006F002E
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 006F003F
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 006F001D
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 00E90000
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 00E9002F
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 00E90040
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 00E90FA8
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 00E90FE5
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 00E90F79
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 00E90FC3
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 00E90FD4
.text C:\Windows\System32\svchost.exe[928] WS2_32.dll!socket 76753EB8 5 Bytes JMP 00710000
.text C:\Windows\System32\svchost.exe[928] WININET.dll!InternetOpenA 769F4E33 5 Bytes JMP 00EA0000
.text C:\Windows\System32\svchost.exe[928] WININET.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 00EA0FD4
.text C:\Windows\System32\svchost.exe[928] WININET.dll!InternetOpenW 76A2C02E 5 Bytes JMP 00EA0FE5
.text C:\Windows\System32\svchost.exe[928] WININET.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 00EA0025
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 005A000A
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 005A001B
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 005A0FE5
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 005C0F32
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 005C00A2
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 005C0F17
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 005C0FB2
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 005C0F5E
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 005C0040
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 005C0F83
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 005C00BD
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 005C001E
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 005C0080
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 005C0FD4
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 005C0FEF
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 005C002F
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 005C0F4D
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 005C0FC3
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 005C0091
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 005C0051
.text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_open 75F07E48 5 Bytes JMP 005B0000
.text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 005B005A
.text C:\Windows\System32\svchost.exe[972] msvcrt.dll!system 75F3B16F 5 Bytes JMP 005B0049
.text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 005B002E
.text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 005B0FD9
.text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 005B001D
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 00660FEF
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 00660025
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 00660F9E
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 00660036
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 00660014
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 00660F83
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 00660FB9
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 00660FDE
.text C:\Windows\System32\svchost.exe[972] WS2_32.dll!socket 76753EB8 5 Bytes JMP 00610FEF
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00E80000
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 00E80FD4
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 00E80FE5
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtWriteVirtualMemory 77A86A98 5 Bytes JMP 0065000A
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!KiUserExceptionDispatcher 77A87008 5 Bytes JMP 0054000A
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 00FF0F43
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 00FF00C4
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 00FF00B3
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 00FF0025
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 00FF0F80
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00FF0047
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00FF0058
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 00FF0F14
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00FF0FAF
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 00FF007D
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 00FF0FDE
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 00FF0FEF
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 00FF0036
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 00FF0F54
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 00FF000A
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 00FF0098
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 00FF0F65
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_open 75F07E48 5 Bytes JMP 00FE0000
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 00FE0042
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!system 75F3B16F 5 Bytes JMP 00FE0FB7
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 00FE0FD2
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 00FE001D
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 00FE0FE3
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 0111000A
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 01110051
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 0111007D
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 01110062
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 0111001B
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 01110098
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 01110036
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 01110FDB
.text C:\Windows\system32\svchost.exe[1000] WS2_32.dll!socket 76753EB8 5 Bytes JMP 01000FE5
.text C:\Windows\system32\svchost.exe[1000] WININET.dll!InternetOpenA 769F4E33 5 Bytes JMP 01120FEF
.text C:\Windows\system32\svchost.exe[1000] WININET.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 01120FDE
.text C:\Windows\system32\svchost.exe[1000] WININET.dll!InternetOpenW 76A2C02E 5 Bytes JMP 01120014
.text C:\Windows\system32\svchost.exe[1000] WININET.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 01120FB9
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00260FEF
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 00260FC3
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 00260FD4
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 00250098
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 002500DF
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 002500CE
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 00250FB9
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 00250F79
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00250036
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00250047
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 00250F25
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00250025
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 002500A9
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 00250FD4
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 00250FE5
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 00250F94
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 00250087
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 0025000A
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 00250F4A
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 0025006C
.text C:\Windows\System32\svchost.exe[1052] msvcrt.dll!_open 75F07E48 5 Bytes JMP 00270FEF
.text C:\Windows\System32\svchost.exe[1052] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 00270F9C
.text C:\Windows\System32\svchost.exe[1052] msvcrt.dll!system 75F3B16F 5 Bytes JMP 00270FB7
.text C:\Windows\System32\svchost.exe[1052] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 00270FD2
.text C:\Windows\System32\svchost.exe[1052] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 00270027
.text C:\Windows\System32\svchost.exe[1052] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 0027000C
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 00320FEF
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 00320FC0
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 00320058
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 00320047
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 00320014
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 00320073
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 00320036
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 00320025
.text C:\Windows\System32\svchost.exe[1052] WS2_32.dll!socket 76753EB8 5 Bytes JMP 0028000A
.text C:\Windows\System32\svchost.exe[1052] WININET.dll!InternetOpenA 769F4E33 5 Bytes JMP 003C0FEF
.text C:\Windows\System32\svchost.exe[1052] WININET.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 003C000A
.text C:\Windows\System32\svchost.exe[1052] WININET.dll!InternetOpenW 76A2C02E 5 Bytes JMP 003C0FD4
.text C:\Windows\System32\svchost.exe[1052] WININET.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 003C001B
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 003D0000
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 003D0022
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 003D0011
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 003C0F46
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 003C0F09
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 003C009E
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 003C0FAF
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 003C0F68
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 003C0F79
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 003C0036
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 003C0EF8
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 003C0025
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 003C0F2B
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 003C0000
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 003C0FEF
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 003C0F94
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 003C0F57
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 003C0FCA
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 003C0F1A
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 003C005B
.text C:\Windows\system32\svchost.exe[1172] msvcrt.dll!_open 75F07E48 5 Bytes JMP 00420FEF
.text C:\Windows\system32\svchost.exe[1172] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 00420F90
.text C:\Windows\system32\svchost.exe[1172] msvcrt.dll!system 75F3B16F 5 Bytes JMP 00420FA1
.text C:\Windows\system32\svchost.exe[1172] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 00420FCD
.text C:\Windows\system32\svchost.exe[1172] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 00420FBC
.text C:\Windows\system32\svchost.exe[1172] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 00420FDE
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 00430FEF
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 0043003D
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 00430073
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 00430058
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 0043000A
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 0043008E
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 0043002C
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 0043001B
.text C:\Windows\system32\svchost.exe[1172] WS2_32.dll!socket 76753EB8 5 Bytes JMP 00AB000A
.text C:\Windows\system32\svchost.exe[1172] WININET.dll!InternetOpenA 769F4E33 5 Bytes JMP 00DE0FEF
.text C:\Windows\system32\svchost.exe[1172] WININET.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 00DE0FD4
.text C:\Windows\system32\svchost.exe[1172] WININET.dll!InternetOpenW 76A2C02E 5 Bytes JMP 00DE0014
.text C:\Windows\system32\svchost.exe[1172] WININET.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 00DE0025
.text C:\Windows\System32\svchost.exe[1220] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00450FE5
.text C:\Windows\System32\svchost.exe[1220] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 00450FCA
.text C:\Windows\System32\svchost.exe[1220] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 00450000
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 00440F43
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 004400C7
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 004400AC
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 00440FD4
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 00440F72
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00440F9E
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00440F8D
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 004400D8
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00440FC3
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 00440F32
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 0044000A
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 00440FEF
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 00440040
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 00440076
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 0044001B
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 0044009B
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 00440065
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!_open 75F07E48 5 Bytes JMP 0047000C
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 00470FB7
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!system 75F3B16F 5 Bytes JMP 00470FC8
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 00470FE3
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 00470038
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 0047001D
.text C:\Windows\System32\svchost.exe[1220] WS2_32.dll!socket 76753EB8 5 Bytes JMP 00480000
.text C:\Windows\System32\svchost.exe[1220] wininet.dll!InternetOpenA 769F4E33 5 Bytes JMP 004A0FE5
.text C:\Windows\System32\svchost.exe[1220] wininet.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 004A0000
.text C:\Windows\System32\svchost.exe[1220] wininet.dll!InternetOpenW 76A2C02E 5 Bytes JMP 004A0FD4
.text C:\Windows\System32\svchost.exe[1220] wininet.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 004A0011
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 00490FEF
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 00490FB9
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 00490F8D
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 00490FA8
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 0049000A
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 00490054
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 00490FD4
.text C:\Windows\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 0049001B
.text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00680000
.text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 0068001B
.text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 00680FDB
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 00670F72
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 006700DB
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 006700B6
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 00670014
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 0067007D
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00670051
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00670062
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 00670F2B
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00670025
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 00670F57
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 00670FD4
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 00670FE5
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 00670036
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 00670F83
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 00670FC3
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 00670F3C
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 00670F94
.text C:\Windows\system32\svchost.exe[1260] msvcrt.dll!_open 75F07E48 5 Bytes JMP 006D0FEF
.text C:\Windows\system32\svchost.exe[1260] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 006D004E
.text C:\Windows\system32\svchost.exe[1260] msvcrt.dll!system 75F3B16F 5 Bytes JMP 006D0FC3
.text C:\Windows\system32\svchost.exe[1260] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 006D0018
.text C:\Windows\system32\svchost.exe[1260] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 006D0033
.text C:\Windows\system32\svchost.exe[1260] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 006D0FDE
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 006F0000
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 006F002C
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 006F0FA5
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 006F003D
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 006F0FEF
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 006F0F94
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 006F0FC0
.text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExA

76944907 5 Bytes JMP 006F001B
.text C:\Windows\system32\svchost.exe[1260] WS2_32.dll!socket 76753EB8 5 Bytes JMP 006E000A
.text C:\Windows\system32\svchost.exe[1260] WININET.dll!InternetOpenA 769F4E33 5 Bytes JMP 00700FE5
.text C:\Windows\system32\svchost.exe[1260] WININET.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 00700FD4
.text C:\Windows\system32\svchost.exe[1260] WININET.dll!InternetOpenW 76A2C02E 5 Bytes JMP 00700000
.text C:\Windows\system32\svchost.exe[1260] WININET.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 00700FC3
.text C:\Windows\system32\svchost.exe[1652] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00AF0FEF
.text C:\Windows\system32\svchost.exe[1652] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 00AF0FB9
.text C:\Windows\system32\svchost.exe[1652] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 00AF0FD4
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 00AA00DB
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 00AA0F90
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 00AA0125
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 00AA0040
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 00AA009B
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00AA0FC3
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00AA0080
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 00AA0140
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00AA0051
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 00AA0100
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 00AA001B
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 00AA0000
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 00AA0FD4
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 00AA00CA
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 00AA0FEF
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 00AA0FA1
.text C:\Windows\system32\svchost.exe[1652] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 00AA0FB2
.text C:\Windows\system32\svchost.exe[1652] msvcrt.dll!_open 75F07E48 5 Bytes JMP 00B00000
.text C:\Windows\system32\svchost.exe[1652] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 00B00025
.text C:\Windows\system32\svchost.exe[1652] msvcrt.dll!system 75F3B16F 5 Bytes JMP 00B00F9A
.text C:\Windows\system32\svchost.exe[1652] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 00B00FC6
.text C:\Windows\system32\svchost.exe[1652] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 00B00FB5
.text C:\Windows\system32\svchost.exe[1652] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 00B00FD7
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 00B10FEF
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 00B10F9E
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 00B10F79
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 00B10025
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 00B10FDE
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 00B10036
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 00B10014
.text C:\Windows\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 00B10FC3
.text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 005A0FEF
.text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 005A0FB9
.text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 005A0FDE
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 00530065
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 00530F06
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 00530091
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 00530FA8
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 00530054
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00530039
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00530F7C
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 005300AC
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00530F97
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 00530080
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 00530FD4
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 00530FEF
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 0053001E
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 00530F3C
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 00530FB9
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 00530F21
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 00530F61
.text C:\Windows\system32\svchost.exe[1828] msvcrt.dll!_open 75F07E48 5 Bytes JMP 005B0FE3
.text C:\Windows\system32\svchost.exe[1828] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 005B0FB7
.text C:\Windows\system32\svchost.exe[1828] msvcrt.dll!system 75F3B16F 5 Bytes JMP 005B0042
.text C:\Windows\system32\svchost.exe[1828] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 005B0FD2
.text C:\Windows\system32\svchost.exe[1828] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 005B0027
.text C:\Windows\system32\svchost.exe[1828] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 005B000C
.text C:\Windows\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 005D0000
.text C:\Windows\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 005D0FC0
.text C:\Windows\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 005D0F94
.text C:\Windows\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 005D0FAF
.text C:\Windows\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 005D0011
.text C:\Windows\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 005D0F79
.text C:\Windows\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 005D0FD1
.text C:\Windows\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 005D0022
.text C:\Windows\system32\svchost.exe[1828] WS2_32.dll!socket 76753EB8 5 Bytes JMP 005C0000
.text C:\Windows\system32\svchost.exe[1828] WININET.dll!InternetOpenA 769F4E33 5 Bytes JMP 00620000
.text C:\Windows\system32\svchost.exe[1828] WININET.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 00620025
.text C:\Windows\system32\svchost.exe[1828] WININET.dll!InternetOpenW 76A2C02E 5 Bytes JMP 00620FEF
.text C:\Windows\system32\svchost.exe[1828] WININET.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 00620040
.text C:\Windows\system32\svchost.exe[1952] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 004A0000
.text C:\Windows\system32\svchost.exe[1952] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 004A0FD4
.text C:\Windows\system32\svchost.exe[1952] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 004A0FE5
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 003D0F8A
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 003D0F46
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 003D0F57
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 003D0047
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 003D0098
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 003D007D
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 003D0FB6
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 003D0F2B
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 003D0FE5
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 003D0F79
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 003D001B
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 003D0000
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 003D006C
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 003D0FA5
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 003D0036
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 003D0F68
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 003D00B3
.text C:\Windows\system32\svchost.exe[1952] msvcrt.dll!_open 75F07E48 5 Bytes JMP 0071000C
.text C:\Windows\system32\svchost.exe[1952] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 00710070
.text C:\Windows\system32\svchost.exe[1952] msvcrt.dll!system 75F3B16F 5 Bytes JMP 00710FEF
.text C:\Windows\system32\svchost.exe[1952] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 00710044
.text C:\Windows\system32\svchost.exe[1952] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 0071005F
.text C:\Windows\system32\svchost.exe[1952] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 0071001D
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 00D40000
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 00D40FEF
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 00D40091
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 00D40080
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 00D4001B
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 00D40FD4
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 00D40051
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 00D40036
.text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00040FEF
.text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 0004001B
.text C:\Windows\system32\svchost.exe[3036] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 0004000A
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 00010F39
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 00010F0D
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 000100A2
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 00010036
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 00010F6F
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00010047
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00010F8A
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 00010EE8
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00010FC0
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 00010F28
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 00010025
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 00010FA5
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 00010058
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[3036] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 00010F54
.text C:\Windows\system32\svchost.exe[3036] msvcrt.dll!_open 75F07E48 5 Bytes JMP 00120FEF
.text C:\Windows\system32\svchost.exe[3036] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 00120016
.text C:\Windows\system32\svchost.exe[3036] msvcrt.dll!system 75F3B16F 5 Bytes JMP 00120F8B
.text C:\Windows\system32\svchost.exe[3036] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 00120FC1
.text C:\Windows\system32\svchost.exe[3036] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 00120F9C
.text C:\Windows\system32\svchost.exe[3036] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 00120FD2
.text C:\Windows\system32\svchost.exe[3036] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 00140FEF
.text C:\Windows\system32\svchost.exe[3036] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 00140FA8
.text C:\Windows\system32\svchost.exe[3036] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 0014002F
.text C:\Windows\system32\svchost.exe[3036] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 00140F8D
.text C:\Windows\system32\svchost.exe[3036] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 00140FDE
.text C:\Windows\system32\svchost.exe[3036] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 00140F7C
.text C:\Windows\system32\svchost.exe[3036] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 00140FC3
.text C:\Windows\system32\svchost.exe[3036] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 00140014
.text C:\Windows\system32\svchost.exe[3036] WS2_32.dll!socket 76753EB8 5 Bytes JMP 003E0000
.text C:\Windows\system32\svchost.exe[3036] WININET.dll!InternetOpenA 769F4E33 5 Bytes JMP 00400000
.text C:\Windows\system32\svchost.exe[3036] WININET.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 00400FD1
.text C:\Windows\system32\svchost.exe[3036] WININET.dll!InternetOpenW 76A2C02E 5 Bytes JMP 00400011
.text C:\Windows\system32\svchost.exe[3036] WININET.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 00400022
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00040000
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 00040011
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 00040FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 000100C1
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 000100ED
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 00010F58
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 00010FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 00010084
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00010062
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00010073
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 00010F47
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00010036
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!CreateThread 7642DCC2 5 Bytes JMP 6AB7723B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 00010F7D
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 00010011
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 00010000
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 00010047
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 000100B0
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 00010FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 000100D2
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 0001009F
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 000E0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 000E001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 000E0036
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 000E0F94
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 000E0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 000E0F79
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 000E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 000E0FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] msvcrt.dll!_open 75F07E48 5 Bytes JMP 000F0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 000F004E
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] msvcrt.dll!system 75F3B16F 5 Bytes JMP 000F0033
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 000F0FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 000F0FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 000F0018
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!EnableWindow 75F98D02 5 Bytes JMP 6ABB9934 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!DefWindowProcA 75F9BB1C 7 Bytes JMP 6AB79465 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!CreateWindowExA 75F9BF40 5 Bytes JMP 6AB83293 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!CreateWindowExW 75F9EC7C 5 Bytes JMP 6ABDFEAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!DefWindowProcW 75FA507D 7 Bytes JMP 6ABD7B32 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!DialogBoxParamW 75FB3B9B 5 Bytes JMP 6AB1160B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!DialogBoxIndirectParamW 75FC3B7F 5 Bytes JMP 6AD0605E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!DialogBoxParamA 75FDCF42 5 Bytes JMP 6AD05FF9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!DialogBoxIndirectParamA 75FDD274 5 Bytes JMP 6AD060C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!MessageBoxIndirectA 75FEE869 5 Bytes JMP 6AD05F80 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!MessageBoxIndirectW 75FEE963 5 Bytes JMP 6AD05F07 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!MessageBoxExA 75FEE9C9 5 Bytes JMP 6AD05EA3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!MessageBoxExW 75FEE9ED 5 Bytes JMP 6AD05E3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] ole32.dll!OleLoadFromStream 778E6143 5 Bytes JMP 6AD0682D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] WININET.dll!InternetOpenA 769F4E33 5 Bytes JMP 00110000
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] WININET.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 00110FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] WININET.dll!InternetOpenW 76A2C02E 5 Bytes JMP 00110FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] WININET.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 00110025
.text C:\Program Files\Internet Explorer\iexplore.exe[3496] WS2_32.dll!socket 76753EB8 5 Bytes JMP 002E0FE5
? C:\Windows\System32\svchost.exe[3540] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: oleaut32.dllunknown module: oleaut32.dllunknown module: comctl32.dllunknown module: oleaut32.dllunknown module: oleaut32.dll
.text C:\Windows\System32\svchost.exe[3540] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00040000
.text C:\Windows\System32\svchost.exe[3540] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 00040FDB
.text C:\Windows\System32\svchost.exe[3540] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 0004001B
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 000100B6
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 000100E2
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 000100C7
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 00010036
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 00010094
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00010FB2
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00010079
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 00010F28
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00010FD4
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 00010F72
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 00010025
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 0001000A
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 00010FC3
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 000100A5
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 00010FE5
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 00010F57
.text C:\Windows\System32\svchost.exe[3540] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 00010F97
.text C:\Windows\System32\svchost.exe[3540] msvcrt.dll!_open 75F07E48 5 Bytes JMP 000E0000
.text C:\Windows\System32\svchost.exe[3540] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 000E0FB7
.text C:\Windows\System32\svchost.exe[3540] msvcrt.dll!system 75F3B16F 5 Bytes JMP 000E0042
.text C:\Windows\System32\svchost.exe[3540] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 000E0FD2
.text C:\Windows\System32\svchost.exe[3540] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 000E0027
.text C:\Windows\System32\svchost.exe[3540] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 000E0FE3
.text C:\Windows\System32\svchost.exe[3540] advapi32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 000F0FEF
.text C:\Windows\System32\svchost.exe[3540] advapi32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 000F0036
.text C:\Windows\System32\svchost.exe[3540] advapi32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 000F0058
.text C:\Windows\System32\svchost.exe[3540] advapi32.dll!RegCreateKeyW 76941514 5 Bytes JMP 000F0047
.text C:\Windows\System32\svchost.exe[3540] advapi32.dll!RegOpenKeyW 76942459 5 Bytes JMP 000F0FD4
.text C:\Windows\System32\svchost.exe[3540] advapi32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 000F0F9B
.text C:\Windows\System32\svchost.exe[3540] advapi32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 000F0025
.text C:\Windows\System32\svchost.exe[3540] advapi32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 000F000A
.text C:\Windows\System32\svchost.exe[3540] WS2_32.dll!socket 76753EB8 5 Bytes JMP 00140000
.text C:\Windows\System32\svchost.exe[3540] wininet.dll!InternetOpenA 769F4E33 5 Bytes JMP 00150FEF
.text C:\Windows\System32\svchost.exe[3540] wininet.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 0015001B
.text C:\Windows\System32\svchost.exe[3540] wininet.dll!InternetOpenW 76A2C02E 5 Bytes JMP 0015000A
.text C:\Windows\System32\svchost.exe[3540] wininet.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 00150FCA
.text C:\Windows\Explorer.EXE[3872] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00040FEF
.text C:\Windows\Explorer.EXE[3872] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 00040025
.text C:\Windows\Explorer.EXE[3872] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 0004000A
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 00010F5B
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 000100B0
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 0001009F
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 00010FC0
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 0001005F
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00010044
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00010F87
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 00010F00
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00010022
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 00010F40
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 00010011
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 00010000
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 00010033
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 00010F6C
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 00010FD1
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 00010F2F
.text C:\Windows\Explorer.EXE[3872] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 0001007A
.text C:\Windows\Explorer.EXE[3872] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 001E0FE5
.text C:\Windows\Explorer.EXE[3872] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 001E004A
.text C:\Windows\Explorer.EXE[3872] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 001E0080
.text C:\Windows\Explorer.EXE[3872] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 001E005B
.text C:\Windows\Explorer.EXE[3872] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 001E0000
.text C:\Windows\Explorer.EXE[3872] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 001E009B
.text C:\Windows\Explorer.EXE[3872] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 001E002F
.text C:\Windows\Explorer.EXE[3872] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 001E0FD4
.text C:\Windows\Explorer.EXE[3872] msvcrt.dll!_open 75F07E48 5 Bytes JMP 001F0FE3
.text C:\Windows\Explorer.EXE[3872] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 001F004C
.text C:\Windows\Explorer.EXE[3872] msvcrt.dll!system 75F3B16F 5 Bytes JMP 001F0031
.text C:\Windows\Explorer.EXE[3872] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 001F0016
.text C:\Windows\Explorer.EXE[3872] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 001F0FC1
.text C:\Windows\Explorer.EXE[3872] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 001F0FD2
.text C:\Windows\Explorer.EXE[3872] WS2_32.dll!socket 76753EB8 5 Bytes JMP 009A000A
.text C:\Windows\Explorer.EXE[3872] WININET.dll!InternetOpenA 769F4E33 5 Bytes JMP 07590000
.text C:\Windows\Explorer.EXE[3872] WININET.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 07590FDB
.text C:\Windows\Explorer.EXE[3872] WININET.dll!InternetOpenW 76A2C02E 5 Bytes JMP 0759001B
.text C:\Windows\Explorer.EXE[3872] WININET.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 0759002C
.text C:\Windows\System32\ping.exe[4260] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 005B000A
.text C:\Windows\System32\ping.exe[4260] ntdll.dll!NtCreateProcessEx 77A856A8 5 Bytes JMP 005C000A
.text C:\Windows\System32\ping.exe[4260] ntdll.dll!NtCreateUserProcess 77A85778 5 Bytes JMP 005D000A
.text C:\Windows\System32\ping.exe[4260] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 004D000A
.text C:\Windows\System32\ping.exe[4260] ntdll.dll!NtWriteVirtualMemory 77A86A98 5 Bytes JMP 0057000A
.text C:\Windows\System32\ping.exe[4260] ntdll.dll!KiUserExceptionDispatcher 77A87008 5 Bytes JMP 0026000A
.text C:\Windows\System32\ping.exe[4260] USER32.dll!GetCursorPos 75F9A4B3 5 Bytes JMP 0060000A
.text C:\Windows\System32\ping.exe[4260] USER32.dll!GetForegroundWindow 75FA335D 5 Bytes JMP 0062000A
.text C:\Windows\System32\ping.exe[4260] USER32.dll!WindowFromPoint 75FC6BE9 5 Bytes JMP 0061000A
.text C:\Windows\System32\ping.exe[4260] ole32.dll!CoCreateInstance 77929D0B 5 Bytes JMP 005F000A
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4296] kernel32.dll!FindResourceW 764254CF 5 Bytes JMP 0042B700 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4296] kernel32.dll!FindResourceA 7642A475 5 Bytes JMP 0042B6C0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4296] USER32.dll!LoadStringA 75F966A7 5 Bytes JMP 0042B990 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4296] USER32.dll!LoadStringW 75F9DFBA 5 Bytes JMP 0042B8E0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4296] USER32.dll!LoadMenuW 75F9F214 5 Bytes JMP 0042B880 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4296] USER32.dll!LoadMenuA 75FAF92C 5 Bytes JMP 0042B820 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4296] USER32.dll!CreateDialogParamA 75FB1F42 5 Bytes JMP 0042B740 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4296] USER32.dll!CreateDialogParamW 75FC5630 5 Bytes JMP 0042B7B0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Windows\System32\svchost.exe[5480] ntdll.dll!NtCreateFile 77A855C8 5 Bytes JMP 00040FEF
.text C:\Windows\System32\svchost.exe[5480] ntdll.dll!NtCreateProcess 77A85698 5 Bytes JMP 00040025
.text C:\Windows\System32\svchost.exe[5480] ntdll.dll!NtProtectVirtualMemory 77A85F18 5 Bytes JMP 0004000A
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!GetStartupInfoA 763E1E10 5 Bytes JMP 00010F43
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!CreateProcessW 763E204D 5 Bytes JMP 000100C7
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!CreateProcessA 763E2082 5 Bytes JMP 00010F32
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!CreateNamedPipeW 76412D47 5 Bytes JMP 00010051
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!VirtualProtect 76422BCD 5 Bytes JMP 0001006C
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!LoadLibraryExA 76424466 5 Bytes JMP 00010FAF
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!LoadLibraryExW 76425079 5 Bytes JMP 00010F94
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!GetProcAddress 7642CC94 5 Bytes JMP 000100E2
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!LoadLibraryA 7642DC65 5 Bytes JMP 00010FDB
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!GetStartupInfoW 7642E2DD 5 Bytes JMP 00010091
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!CreateFileW 7642E8A5 5 Bytes JMP 0001001B
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!CreateFileA 7642EA61 5 Bytes JMP 00010000
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!LoadLibraryW 7642EF42 5 Bytes JMP 00010FCA
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!CreatePipe 764412A6 5 Bytes JMP 00010F5E
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!CreateNamedPipeA 7646DBA8 5 Bytes JMP 00010036
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!WinExec 7646EDB2 5 Bytes JMP 000100AC
.text C:\Windows\System32\svchost.exe[5480] kernel32.dll!VirtualProtectEx 7646FD51 5 Bytes JMP 00010F79
.text C:\Windows\System32\svchost.exe[5480] msvcrt.dll!_open 75F07E48 5 Bytes JMP 000E0FEF
.text C:\Windows\System32\svchost.exe[5480] msvcrt.dll!_wsystem 75F3B04F 5 Bytes JMP 000E0016
.text C:\Windows\System32\svchost.exe[5480] msvcrt.dll!system 75F3B16F 5 Bytes JMP 000E0F8B
.text C:\Windows\System32\svchost.exe[5480] msvcrt.dll!_creat 75F3ED29 5 Bytes JMP 000E0FB7
.text C:\Windows\System32\svchost.exe[5480] msvcrt.dll!_wcreat 75F4038E 5 Bytes JMP 000E0F9C
.text C:\Windows\System32\svchost.exe[5480] msvcrt.dll!_wopen 75F40570 5 Bytes JMP 000E0FD2
.text C:\Windows\System32\svchost.exe[5480] WS2_32.dll!socket 76753EB8 5 Bytes JMP 000F0000
.text C:\Windows\System32\svchost.exe[5480] ADVAPI32.dll!RegOpenKeyA 7693CC15 5 Bytes JMP 0010000A
.text C:\Windows\System32\svchost.exe[5480] ADVAPI32.dll!RegCreateKeyA 7693CD01 5 Bytes JMP 00100040
.text C:\Windows\System32\svchost.exe[5480] ADVAPI32.dll!RegCreateKeyExA 76941469 5 Bytes JMP 0010005B
.text C:\Windows\System32\svchost.exe[5480] ADVAPI32.dll!RegCreateKeyW 76941514 5 Bytes JMP 00100FB9
.text C:\Windows\System32\svchost.exe[5480] ADVAPI32.dll!RegOpenKeyW 76942459 5 Bytes JMP 00100FE5
.text C:\Windows\System32\svchost.exe[5480] ADVAPI32.dll!RegCreateKeyExW 769440FE 5 Bytes JMP 0010006C
.text C:\Windows\System32\svchost.exe[5480] ADVAPI32.dll!RegOpenKeyExW 7694468D 5 Bytes JMP 0010002F
.text C:\Windows\System32\svchost.exe[5480] ADVAPI32.dll!RegOpenKeyExA 76944907 5 Bytes JMP 00100FD4
.text C:\Windows\System32\svchost.exe[5480] WININET.dll!InternetOpenA 769F4E33 5 Bytes JMP 003C0FEF
.text C:\Windows\System32\svchost.exe[5480] WININET.dll!InternetOpenUrlA 769FBFCE 5 Bytes JMP 003C0FC3
.text C:\Windows\System32\svchost.exe[5480] WININET.dll!InternetOpenW 76A2C02E 5 Bytes JMP 003C0FD4
.text C:\Windows\System32\svchost.exe[5480] WININET.dll!InternetOpenUrlW 76A5D70A 5 Bytes JMP 003C0014

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 906F5000-90716000 (135168

#3 Lorric

Lorric
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 05 December 2011 - 10:59 PM

Hi..should I repost this?

EDIT: Please be patient. There are over 160 unanswered topics in this forum at present and the current average wait time to receive help is 5-6 days. ~Budapest

Edited by Budapest, 06 December 2011 - 05:05 PM.


#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:18 AM

Posted 07 December 2011 - 12:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430405 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:18 AM

Posted 12 December 2011 - 04:10 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users