Can't find server for google/yahoo search



#1 Jabari

  • Members
  • 3 posts

Posted 07 December 2011 - 08:48 PM

Hello,

A couple of days ago, I got the XP Security 2012 malware. I was able to run RKill and then MBAM which got rid of the immediate issues, but I am now seeing one lingering problem that I can't figure out.

When I try to go to www.google.com or use the yahoo search, it comes back with either a "can't find server" or "connection timed out" error.

The rest of the internet seems to be ok, including both Google Maps and Yahoo Mail. A ping to www.google.com just times out though.

Also, this laptop is going through a wireless router, but my desktop that is wired in to the same router is fine. Wiring the laptop directly into the router doesn't help.

I don't think I completely cleared everything up - today I had McAfee pop up in the middle of the day saying it caught and deleted gxb.exe (Why it found it this time but not previously I'll never know...).

As a last piece of information, I have temporarily gotten the search sites back up a couple times - once by physically resetting the router (which lasted until a reboot), and once just now after a reboot (which lasted about 10 minutes until it stopped working again).

I have run MBAM both quick and full scan, with no further issues reported. /flushdns doesn't seem to help.

Any ideas?

Thanks!
Mike


#2 TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts

Posted 07 December 2011 - 09:41 PM

Hi Jabari, :busy:

I know it looks like a lot, but it's really just a lot of text asking for only 3 scans.

Once you've done these and posted the results in your next post, let me know how the computer is running.

Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment.

============================================================================

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

============================================================================

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

============================================================================

Remember, after posting the results of these scans, let me know how the computer is running.

Edited by TheShooter93, 07 December 2011 - 09:41 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 Jabari

  • Topic Starter

  • Members
  • 3 posts

Posted 09 December 2011 - 11:07 AM

Ok, here we go!

After running the following, I'm still having the same issues.

NOTE: For the SAS run, I had to go into "Safe Mode with Networking" instead of just "Safe Mode", as I couldn't get onto my account on the laptop in the latter.

Warning: The GMER log file is huge!


Security Check:

Results of screen317's Security Check version 0.99.28
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
ESET Online Scanner v3
McAfee VirusScan Enterprise
McAfee Agent
McAfee Host Intrusion Prevention
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Eusing Free Registry Cleaner
Java™ 6 Update 14
Java™ 6 Update 24
Java™ SE Runtime Environment 6 Update 1
Java™ SE Development Kit 6 Update 24
Java 2 Runtime Environment, SE v1.4.2_03
Java DB 10.6.2.1
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (8.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Super-Anti Spyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/09/2011 at 02:11 AM

Application Version : 5.0.1136

Core Rules Database Version : 8027
Trace Rules Database Version: 5839

Scan type : Complete Scan
Total Scan Time : 02:04:55

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 259
Memory threats detected : 0
Registry items scanned : 42627
Registry threats detected : 0
File items scanned : 309731
File threats detected : 85

Adware.Tracking Cookie

Trojan.Agent/Gen-Frauder
D:\DOCUMENTS AND SETTINGS\E061715\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\6.0\58\13152FBA-35A8787A

Trojan.Agent/Gen-Krpytik
D:\SHARED\747-BUILD_24_00_111\ENG_BUILD_SUPPORT\E170\HYPERSTART\HYPSTART.EXE
D:\SHARED\747-BUILD_24_00_111\ENG_BUILD_SUPPORT\G650\HYPERSTART\HYPSTART.EXE
ZIP ARCHIVE( D:\SHARED\ENG_BUILD_SUPPORT.ZIP )/ENG_BUILD_SUPPORT/E170/HYPERSTART/HYPSTART.EXE
D:\SHARED\ENG_BUILD_SUPPORT.ZIP
ZIP ARCHIVE( D:\SHARED\ENG_BUILD_SUPPORT.ZIP )/ENG_BUILD_SUPPORT/G650/HYPERSTART/HYPSTART.EXE

#4 Jabari

  • Topic Starter

  • Members
  • 3 posts

Posted 09 December 2011 - 11:09 AM

GMER log (part 1), as it didn't fit into the previous post...

GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-09 07:31:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0
Running: sn5dlmoh.exe; Driver: c:\temp\fgddiaob.sys


.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AE0004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AA0004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 00C50004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B30004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C10004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AC0004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B00004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00C70004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A80004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 00C30004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 00A60004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB0004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00B50004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 00DD0004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C90004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CF0004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] WS2_32.dll!select 71AB30A8 5 Bytes JMP 00D60004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D20004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00DA0004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D40004
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[400] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D80004
.text C:\PROGRA~1\LANDesk\LDClient\collector.exe[424] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\WINDOWS\system32\svchost.exe[496] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01160004
.text C:\WINDOWS\system32\svchost.exe[496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E30004
.text C:\WINDOWS\system32\svchost.exe[496] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 01140004
.text C:\WINDOWS\system32\svchost.exe[496] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011C0004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011A0004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010B0004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01070004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 01220004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01100004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011E0004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01090004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010D0004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 01240004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01050004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 01200004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 01030004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01180004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 01120004
.text C:\WINDOWS\system32\svchost.exe[496] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 01430004
.text C:\WINDOWS\system32\svchost.exe[496] GDI32.dll!GetDIBits 77F19FA5 5 Bytes JMP 01400004
.text C:\WINDOWS\system32\svchost.exe[496] msvcrt.dll!system 77C293C7 5 Bytes JMP 01260004
.text C:\WINDOWS\system32\svchost.exe[496] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 012C0004
.text C:\WINDOWS\system32\svchost.exe[496] WS2_32.dll!select 71AB30A8 5 Bytes JMP 01330004
.text C:\WINDOWS\system32\svchost.exe[496] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012F0004
.text C:\WINDOWS\system32\svchost.exe[496] WS2_32.dll!bind 71AB4480 3 Bytes JMP 01370004
.text C:\WINDOWS\system32\svchost.exe[496] WS2_32.dll!bind + 4 71AB4484 1 Byte [8F]
.text C:\WINDOWS\system32\svchost.exe[496] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01310004
.text C:\WINDOWS\system32\svchost.exe[496] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 01390004
.text C:\WINDOWS\system32\svchost.exe[496] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01350004
.text C:\WINDOWS\System32\svchost.exe[536] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02400004
.text C:\WINDOWS\System32\svchost.exe[536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02200004
.text C:\WINDOWS\System32\svchost.exe[536] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 023E0004
.text C:\WINDOWS\System32\svchost.exe[536] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02460004
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02440004
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02350004
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02310004
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 024C0004
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 023A0004
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02480004
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02330004
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02370004
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 024E0004
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 022F0004
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 024A0004
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 022D0004
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02420004
.text C:\WINDOWS\System32\svchost.exe[536] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 023C0004
.text C:\WINDOWS\System32\svchost.exe[536] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 026E0004
.text C:\WINDOWS\System32\svchost.exe[536] GDI32.dll!GetDIBits 77F19FA5 5 Bytes JMP 026B0004
.text C:\WINDOWS\System32\svchost.exe[536] msvcrt.dll!system 77C293C7 5 Bytes JMP 02500004
.text C:\WINDOWS\System32\svchost.exe[536] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02560004
.text C:\WINDOWS\System32\svchost.exe[536] NETAPI32.dll!NetpwPathCanonicalize 5B86A3A9 5 Bytes JMP 02650004
.text C:\WINDOWS\System32\svchost.exe[536] WS2_32.dll!select 71AB30A8 5 Bytes JMP 025D0004
.text C:\WINDOWS\System32\svchost.exe[536] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02590004
.text C:\WINDOWS\System32\svchost.exe[536] WS2_32.dll!bind 71AB4480 5 Bytes JMP 02610004
.text C:\WINDOWS\System32\svchost.exe[536] WS2_32.dll!send 71AB4C27 5 Bytes JMP 025B0004
.text C:\WINDOWS\System32\svchost.exe[536] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 02630004
.text C:\WINDOWS\System32\svchost.exe[536] WS2_32.dll!recv 71AB676F 5 Bytes JMP 025F0004
.text C:\WINDOWS\System32\svchost.exe[536] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 022B0004
.text C:\WINDOWS\System32\svchost.exe[536] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 02290004
.text C:\WINDOWS\System32\svchost.exe[536] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 02270004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01440004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011A0004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 01420004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 014A0004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01480004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01390004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01350004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 01500004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013E0004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014C0004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01370004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 013B0004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 01520004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01330004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 014E0004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 01310004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01460004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 01400004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] WS2_32.dll!select 71AB30A8 5 Bytes JMP 01610004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] WS2_32.dll!socket 71AB4211 5 Bytes JMP 015D0004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01650004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015F0004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01630004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 01670004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] msvcrt.dll!system 77C293C7 5 Bytes JMP 01540004
.text C:\Program Files\LANDesk\Shared Files\residentagent.exe[680] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 015A0004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01130004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00EA0004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 01110004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01190004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01170004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01080004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01040004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 011F0004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010D0004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011B0004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01060004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010A0004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 01210004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01020004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 011D0004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 01000004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01150004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 010F0004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 01360004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] msvcrt.dll!system 77C293C7 5 Bytes JMP 01230004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01290004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] WS2_32.dll!select 71AB30A8 5 Bytes JMP 01300004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012C0004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01340004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012E0004
.text C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe[688] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01320004
.text C:\WINDOWS\System32\svchost.exe[728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BC0004
.text C:\WINDOWS\System32\svchost.exe[728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008F0004
.text C:\WINDOWS\System32\svchost.exe[728] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00BA0004
.text C:\WINDOWS\System32\svchost.exe[728] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20004
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00004
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B10004
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD0004
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 00C80004
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B60004
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C40004
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AF0004
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B30004
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00CA0004
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AB0004
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 00C60004
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 00A90004
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE0004
.text C:\WINDOWS\System32\svchost.exe[728] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00B80004
.text C:\WINDOWS\System32\svchost.exe[728] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 00EA0004
.text C:\WINDOWS\System32\svchost.exe[728] GDI32.dll!GetDIBits 77F19FA5 5 Bytes JMP 00E70004
.text C:\WINDOWS\System32\svchost.exe[728] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CC0004
.text C:\WINDOWS\System32\svchost.exe[728] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D20004
.text C:\WINDOWS\System32\svchost.exe[728] WS2_32.dll!select 71AB30A8 5 Bytes JMP 00D90004
.text C:\WINDOWS\System32\svchost.exe[728] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D50004
.text C:\WINDOWS\System32\svchost.exe[728] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00DD0004
.text C:\WINDOWS\System32\svchost.exe[728] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D70004
.text C:\WINDOWS\System32\svchost.exe[728] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00DF0004
.text C:\WINDOWS\System32\svchost.exe[728] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DB0004
.text C:\WINDOWS\System32\svchost.exe[736] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01460004
.text C:\WINDOWS\System32\svchost.exe[736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D70004
.text C:\WINDOWS\System32\svchost.exe[736] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 01440004
.text C:\WINDOWS\System32\svchost.exe[736] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 014C0004
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 014A0004
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FA0004
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E50004
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 01520004
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF0004
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014E0004
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F80004
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FC0004
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 01540004
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E30004
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 01500004
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 00E10004
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01480004
.text C:\WINDOWS\System32\svchost.exe[736] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 01420004
.text C:\WINDOWS\System32\svchost.exe[736] RPCRT4.dll!NdrServerInitialize 77E79FB5 3 Bytes JMP 01730004
.text C:\WINDOWS\System32\svchost.exe[736] RPCRT4.dll!NdrServerInitialize + 4 77E79FB9 1 Byte [89]
.text C:\WINDOWS\System32\svchost.exe[736] GDI32.dll!GetDIBits 77F19FA5 5 Bytes JMP 016F0004
.text C:\WINDOWS\System32\svchost.exe[736] msvcrt.dll!system 77C293C7 5 Bytes JMP 01560004
.text C:\WINDOWS\System32\svchost.exe[736] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 015C0004
.text C:\WINDOWS\System32\svchost.exe[736] WS2_32.dll!select 71AB30A8 5 Bytes JMP 01630004
.text C:\WINDOWS\System32\svchost.exe[736] WS2_32.dll!socket 71AB4211 5 Bytes JMP 015F0004
.text C:\WINDOWS\System32\svchost.exe[736] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01670004
.text C:\WINDOWS\System32\svchost.exe[736] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01610004
.text C:\WINDOWS\System32\svchost.exe[736] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 01690004
.text C:\WINDOWS\System32\svchost.exe[736] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01650004
.text C:\WINDOWS\System32\svchost.exe[828] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E00004
.text C:\WINDOWS\System32\svchost.exe[828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B30004
.text C:\WINDOWS\System32\svchost.exe[828] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00DE0004
.text C:\WINDOWS\System32\svchost.exe[828] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E70004
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E40004
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D50004
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D10004
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 00ED0004
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DA0004
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E90004
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D30004
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D70004
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00EF0004
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CF0004
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 00EB0004
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 00CD0004
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E20004
.text C:\WINDOWS\System32\svchost.exe[828] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00DC0004
.text C:\WINDOWS\System32\svchost.exe[828] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 010E0004
.text C:\WINDOWS\System32\svchost.exe[828] GDI32.dll!GetDIBits 77F19FA5 5 Bytes JMP 010B0004
.text C:\WINDOWS\System32\svchost.exe[828] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F10004
.text C:\WINDOWS\System32\svchost.exe[828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F70004
.text C:\WINDOWS\System32\svchost.exe[828] WS2_32.dll!select 71AB30A8 5 Bytes JMP 00FE0004
.text C:\WINDOWS\System32\svchost.exe[828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FA0004
.text C:\WINDOWS\System32\svchost.exe[828] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01030004
.text C:\WINDOWS\System32\svchost.exe[828] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FC0004
.text C:\WINDOWS\System32\svchost.exe[828] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 01050004
.text C:\WINDOWS\System32\svchost.exe[828] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01010004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 025E0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01130004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 025C0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02640004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02620004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02530004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024F0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 026A0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02580004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02660004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02510004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02550004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 026C0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 024D0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 02680004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 024B0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02600004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 025A0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] msvcrt.dll!system 77C293C7 5 Bytes JMP 026E0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02740004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 02810004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] WS2_32.dll!select 71AB30A8 5 Bytes JMP 027B0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02770004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] WS2_32.dll!bind 71AB4480 5 Bytes JMP 027F0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02790004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe[832] WS2_32.dll!recv 71AB676F 5 Bytes JMP 027D0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02B30004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C50004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 02B10004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02B90004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02B70004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02A80004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01DB0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 02BF0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02AD0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02BB0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02A60004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02AA0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 02C10004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D10004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 02BD0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 00CF0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02B50004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 02AF0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] WS2_32.dll!select 71AB30A8 5 Bytes JMP 02D00004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02CC0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] WS2_32.dll!bind 71AB4480 5 Bytes JMP 02D40004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02CE0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02D20004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 02D60004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] msvcrt.dll!system 77C293C7 5 Bytes JMP 02C30004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02C90004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00CD0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00CB0004
.text C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[868] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 00C90004
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01B60004
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00680004
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 01B40004
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01BC0004
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01BA0004
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01AB0004
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01A70004
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 01C20004
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01B00004
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01BE0004
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01A90004
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01AD0004
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 01C40004
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01A50004
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 01C00004
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 01A30004
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01B80004
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 01B20004
.text C:\WINDOWS\System32\svchost.exe[880] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 01E40004
.text C:\WINDOWS\System32\svchost.exe[880] GDI32.dll!GetDIBits 77F19FA5 5 Bytes JMP 01E10004
.text C:\WINDOWS\System32\svchost.exe[880] msvcrt.dll!system 77C293C7 5 Bytes JMP 01C60004
.text C:\WINDOWS\System32\svchost.exe[880] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01CC0004
.text C:\WINDOWS\System32\svchost.exe[880] NETAPI32.dll!NetpwPathCanonicalize 5B86A3A9 5 Bytes JMP 01DB0004
.text C:\WINDOWS\System32\svchost.exe[880] WS2_32.dll!select 71AB30A8 5 Bytes JMP 01D30004
.text C:\WINDOWS\System32\svchost.exe[880] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01CF0004
.text C:\WINDOWS\System32\svchost.exe[880] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01D70004
.text C:\WINDOWS\System32\svchost.exe[880] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01D10004
.text C:\WINDOWS\System32\svchost.exe[880] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 01D90004
.text C:\WINDOWS\System32\svchost.exe[880] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01D50004
.text C:\WINDOWS\system32\ence618.exe[988] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe[1020] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe[1040] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\WINDOWS\system32\CBA\pds.exe[1068] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01440004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011A0004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 01420004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 014A0004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01480004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01390004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01350004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 01500004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013E0004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014C0004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01370004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 013B0004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 01520004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01330004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 014E0004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 01310004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01460004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 01400004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] WS2_32.dll!select 71AB30A8 5 Bytes JMP 01610004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] WS2_32.dll!socket 71AB4211 5 Bytes JMP 015D0004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01650004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015F0004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01630004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 01670004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] msvcrt.dll!system 77C293C7 5 Bytes JMP 01540004
.text C:\WINDOWS\system32\CBA\pds.exe[1068] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 015A0004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02100004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01450004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 020E0004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02160004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02140004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02050004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02010004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 021C0004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 020A0004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02180004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02030004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02070004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 021E0004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01FF0004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 021A0004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 01FD0004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!WinExec 7C86250D 3 Bytes JMP 02120004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!WinExec + 4 7C862511 1 Byte [85]
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 020C0004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] msvcrt.dll!system 77C293C7 5 Bytes JMP 02200004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02260004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 02330004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] WS2_32.dll!select 71AB30A8 5 Bytes JMP 022D0004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02290004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] WS2_32.dll!bind 71AB4480 5 Bytes JMP 02310004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] WS2_32.dll!send 71AB4C27 5 Bytes JMP 022B0004
.text C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe[1184] WS2_32.dll!recv 71AB676F 5 Bytes JMP 022F0004
.text C:\PROGRA~1\LANDesk\LDClient\issuser.exe[1292] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 014D0004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01240004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 014B0004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01530004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01510004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01420004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 013E0004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 01590004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01470004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01550004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01400004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01440004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 015B0004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 013C0004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 01570004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 013A0004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 014F0004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 01490004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] WS2_32.dll!select 71AB30A8 5 Bytes JMP 016B0004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01670004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] WS2_32.dll!bind 71AB4480 5 Bytes JMP 016F0004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01690004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] WS2_32.dll!recv 71AB676F 5 Bytes JMP 016D0004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 01710004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] msvcrt.dll!system 77C293C7 5 Bytes JMP 015D0004
.text C:\Program Files\Java\jre6\bin\jqs.exe[1328] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01640004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01350004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010A0004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 01330004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 013B0004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01390004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 012A0004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01260004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 01410004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012F0004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 013D0004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01280004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 012C0004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 01430004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01240004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 013F0004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 01110004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01370004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 01310004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 01590004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] msvcrt.dll!system 77C293C7 5 Bytes JMP 01450004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 014C0004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] WS2_32.dll!select 71AB30A8 5 Bytes JMP 01530004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] WS2_32.dll!socket 71AB4211 5 Bytes JMP 014F0004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01570004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01510004
.text C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe[1372] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01550004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01D50004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01AB0004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 01D30004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01DB0004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01D90004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01CA0004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01C60004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 01E10004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01CF0004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01DD0004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01C80004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01CC0004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 01E30004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01C40004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 01DF0004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 01C20004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01D70004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 01D10004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] WS2_32.dll!select 71AB30A8 5 Bytes JMP 01F20004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01EE0004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01F60004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01F00004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01F40004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 01F80004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] msvcrt.dll!system 77C293C7 5 Bytes JMP 01E50004
.text C:\Program Files\LANDesk\LDClient\tmcsvc.exe[1432] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01EB0004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 014A0004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011F0004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 01480004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01500004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 014E0004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 013F0004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 013B0004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 01560004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01440004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01520004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 013D0004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01410004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 01580004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01390004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 01540004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 01360004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 014C0004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 01460004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 016D0004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] msvcrt.dll!system 77C293C7 5 Bytes JMP 015A0004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01600004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] WS2_32.dll!select 71AB30A8 5 Bytes JMP 01670004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01630004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] WS2_32.dll!bind 71AB4480 5 Bytes JMP 016B0004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01650004
.text C:\Program Files\LANDesk\LDClient\amtmon.exe[1456] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01690004
.text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E70004
.text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BA0004
.text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00E50004
.text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EB0004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010D0004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DC0004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D80004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 00F30004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E10004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EF0004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DA0004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DE0004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00F50004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D60004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 00F10004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 00D40004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E90004
.text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00E30004
.text C:\WINDOWS\system32\spoolsv.exe[1660] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 010F0004
.text C:\WINDOWS\system32\spoolsv.exe[1660] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F70004
.text C:\WINDOWS\system32\spoolsv.exe[1660] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FD0004
.text C:\WINDOWS\system32\spoolsv.exe[1660] WS2_32.dll!select 71AB30A8 5 Bytes JMP 01050004
.text C:\WINDOWS\system32\spoolsv.exe[1660] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01010004
.text C:\WINDOWS\system32\spoolsv.exe[1660] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01090004
.text C:\WINDOWS\system32\spoolsv.exe[1660] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01030004
.text C:\WINDOWS\system32\spoolsv.exe[1660] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 010B0004
.text C:\WINDOWS\system32\spoolsv.exe[1660] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01070004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01A30004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01790004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 01A10004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01A90004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01A70004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01980004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01940004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 01AF0004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 019D0004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01AB0004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01960004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 019A0004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 01B10004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01920004
.text c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe[1716] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 01AD0004

GMER log part 2 (continued from last post)

.text C:\WINDOWS\Explorer.EXE[2280] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00DB0004
.text C:\WINDOWS\Explorer.EXE[2280] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 00A40004
.text C:\WINDOWS\Explorer.EXE[2280] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 01400004
.text C:\WINDOWS\Explorer.EXE[2280] WS2_32.dll!select 71AB30A8 5 Bytes JMP 011F0004
.text C:\WINDOWS\Explorer.EXE[2280] WS2_32.dll!socket 71AB4211 5 Bytes JMP 011B0004
.text C:\WINDOWS\Explorer.EXE[2280] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01230004
.text C:\WINDOWS\Explorer.EXE[2280] WS2_32.dll!send 71AB4C27 5 Bytes JMP 011D0004
.text C:\WINDOWS\Explorer.EXE[2280] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 01310004
.text C:\WINDOWS\Explorer.EXE[2280] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01210004
.text C:\Program Files\Java\jre6\bin\jusched.exe[2288] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D50004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00AC0004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00D30004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB0004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D90004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C60004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 00E10004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF0004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DD0004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C80004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CC0004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00E30004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C40004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 00DF0004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 00C20004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D70004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00D10004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 00F90004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E50004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EC0004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] WS2_32.dll!select 71AB30A8 5 Bytes JMP 00F30004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EF0004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00F70004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F10004
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[2296] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F50004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D20004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A90004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00D00004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D80004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D60004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C70004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C30004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 00DE0004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC0004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DA0004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C50004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C90004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00E00004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C10004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 00DC0004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 00BF0004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D40004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00CE0004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E20004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E90004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 00F60004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] WS2_32.dll!select 71AB30A8 5 Bytes JMP 00F00004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EC0004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00F40004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EE0004
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F20004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01A30004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004A0004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 01810004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01A90004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01A70004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01780004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01740004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 01AF0004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 017D0004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01AB0004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01760004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 017A0004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 01B10004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B10004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 01AD0004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 00AF0004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01A50004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 017F0004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 01C70004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] msvcrt.dll!system 77C293C7 5 Bytes JMP 01B30004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01B90004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] WS2_32.dll!select 71AB30A8 5 Bytes JMP 01C00004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01BC0004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01C40004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01BE0004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01C20004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00AD0004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00520004
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2644] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 00500004
.text C:\Program Files\DellTPad\Apoint.exe[2680] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DC0004
.text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004D0004
.text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00DA0004
.text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E20004
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E00004
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D10004
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007F0004
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 00E80004
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D60004
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E40004
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CF0004
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D30004
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00EA0004
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007D0004
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 00E60004
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 007B0004
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DE0004
.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00D80004
.text C:\WINDOWS\System32\svchost.exe[2844] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 01180004
.text C:\WINDOWS\System32\svchost.exe[2844] GDI32.dll!GetDIBits 77F19FA5 5 Bytes JMP 01110004
.text C:\WINDOWS\System32\svchost.exe[2844] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EC0004
.text C:\WINDOWS\System32\svchost.exe[2844] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F20004
.text C:\WINDOWS\System32\svchost.exe[2844] NETAPI32.dll!NetpwPathCanonicalize 5B86A3A9 5 Bytes JMP 01030004
.text C:\WINDOWS\System32\svchost.exe[2844] WS2_32.dll!select 71AB30A8 5 Bytes JMP 00FA0004
.text C:\WINDOWS\System32\svchost.exe[2844] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F50004
.text C:\WINDOWS\System32\svchost.exe[2844] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00FE0004
.text C:\WINDOWS\System32\svchost.exe[2844] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F80004
.text C:\WINDOWS\System32\svchost.exe[2844] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 01010004
.text C:\WINDOWS\System32\svchost.exe[2844] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00FC0004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01860004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 015D0004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 01840004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 018C0004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 018A0004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 017B0004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01770004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 01920004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01800004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 018E0004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01790004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 017D0004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 01940004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01750004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 01900004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 01730004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01880004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 01820004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 01AA0004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] msvcrt.dll!system 77C293C7 5 Bytes JMP 01960004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 019D0004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] WS2_32.dll!select 71AB30A8 5 Bytes JMP 01A40004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01A00004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01A80004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01A20004
.text C:\WINDOWS\system32\cccredmgr.exe[2956] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01A60004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01DE0004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00210004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 01DC0004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01E40004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01E20004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01D30004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FC0004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 01EA0004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01D80004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01E60004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FE0004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01D50004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 01EC0004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FA0004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 01E80004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 00F80004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01E00004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 01DA0004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] msvcrt.dll!system 77C293C7 5 Bytes JMP 01EE0004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01F40004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] GDI32.dll!PlayEnhMetaFileRecord 77F20F26 5 Bytes JMP 02030004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] GDI32.dll!PlayMetaFileRecord 77F24019 5 Bytes JMP 02010004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] GDI32.dll!Escape 77F26F5A 5 Bytes JMP 02050004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 002A0004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] WS2_32.dll!select 71AB30A8 5 Bytes JMP 01FB0004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01F70004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01FF0004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01F90004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 02070004
.text C:\WINDOWS\system32\RunDLL32.exe[3036] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01FD0004
.text C:\Program Files\IDT\WDM\sttray.exe[3060] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01210004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A70004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 011B0004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01230004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011F0004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01120004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010E0004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 01290004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01170004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01250004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01100004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01140004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 012B0004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010C0004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 01270004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 010A0004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011D0004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 01190004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 013F0004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] msvcrt.dll!system 77C293C7 5 Bytes JMP 012D0004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01330004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] WS2_32.dll!select 71AB30A8 5 Bytes JMP 013A0004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01360004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01420004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01380004
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3140] WS2_32.dll!recv 71AB676F 5 Bytes JMP 013C0004
.text C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe[3144] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text D:\Documents and Settings\e061715\Desktop\sn5dlmoh.exe[3368] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AE0004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00830004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 00AC0004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] ntdll.dll!LdrQueryImageFileExecutionOptions 7C91BD83 5 Bytes JMP 3C920000
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B40004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B20004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A30004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009F0004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!ReadProcessMemory 7C8021D0 5 Bytes JMP 00BA0004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A80004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B60004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A10004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A50004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00BC0004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009D0004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 00B80004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes JMP 009B0004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B00004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00AA0004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] RPCRT4.dll!NdrServerInitialize 77E79FB5 5 Bytes JMP 00D90004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C40004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] WS2_32.dll!select 71AB30A8 5 Bytes JMP 00CB0004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C70004
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[3492] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00CF0004

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\mfevtps.exe[3568] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0040AB50] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\WINDOWS\system32\mfevtps.exe[3568] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040ABB0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs CtxSbx.sys (Citrix Application Isolation Environment Driver/Citrix Systems, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip acsint.sys (Cisco AnyConnect Kernel Driver Framework Socket Layer Interceptor/Cisco Systems, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp acsint.sys (Cisco AnyConnect Kernel Driver Framework Socket Layer Interceptor/Cisco Systems, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp acsint.sys (Cisco AnyConnect Kernel Driver Framework Socket Layer Interceptor/Cisco Systems, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp acsint.sys (Cisco AnyConnect Kernel Driver Framework Socket Layer Interceptor/Cisco Systems, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:188] 89D1B161
Thread System [4:800] 88E24C30

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\ence618.exe (*** hidden *** ) 988
Process C:\Program Files\Mandiant\Mandiant Intelligent Response Agent\MIRAgent.exe (*** hidden *** ) 1184

---- EOF - GMER 1.0.15 ----



