
I am infected by a trojan or something I can't get rid of.


12 replies to this topic

#1 slikk24

slikk24

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 13 December 2011 - 09:58 PM

I am running a Windows XP PC. I have run Malwarebytes and removed what I thought were all the trojans. The Internet is trying to redirect me to other sites or failing to load. Please help.


 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:11 AM

Posted 13 December 2011 - 10:08 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#3 slikk24


Posted 13 December 2011 - 10:14 PM

The security check ended in an error message: netsh.exe-entry point not found

Here is the Mini Tool box info

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
McAfee Internet Security
McAfee Security Scan Plus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#4 slikk24


Posted 13 December 2011 - 10:17 PM

Malwarebytes log when first run

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8198

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12/13/2011 6:16:13 PM
mbam-log-2011-12-13 (18-16-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 261661
Time elapsed: 1 hour(s), 41 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Libby\Local Settings\Application Data\ubs.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Libby\Local Settings\Application Data\ubs.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Libby\Local Settings\Application Data\ubs.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Libby\local settings\application data\ubs.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

#5 slikk24


Posted 13 December 2011 - 10:18 PM

This was on the second run of Malwarebytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8367

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/13/2011 8:05:57 PM
mbam-log-2011-12-13 (20-05-57).txt

Scan type: Quick scan
Objects scanned: 183504
Time elapsed: 11 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\documents and settings\networkservice\application data\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\networkservice\application data\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.
c:\documents and settings\Libby\local settings\Temp\nnnv0.524940663568097.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#6 slikk24


Posted 13 December 2011 - 10:19 PM

Malwarebytes on 3rd run:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8367

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/13/2011 8:46:31 PM
mbam-log-2011-12-13 (20-46-31).txt

Scan type: Quick scan
Objects scanned: 186402
Time elapsed: 29 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 Broni


Posted 13 December 2011 - 11:18 PM

...and GMER....



 


#8 slikk24


Posted 13 December 2011 - 11:23 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-13 22:23:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-75MSA3 rev.10.01E04
Running: gmer.exe; Driver: C:\DOCUME~1\Libby\LOCALS~1\Temp\fgtdrpog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9E97210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9E97224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9E97250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9E972A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9E971FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9E971D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9E971E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9E9723A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9E9727C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9E97266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9E972D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9E972BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9E97290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

#9 slikk24


Posted 13 December 2011 - 11:25 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-13 22:25:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-75MSA3 rev.10.01E04
Running: jg7nozx9[1].exe; Driver: C:\DOCUME~1\Libby\LOCALS~1\Temp\fgtdrpob.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9E97210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9E97224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9E97250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9E972A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9E971FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9E971D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9E971E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9E9723A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9E9727C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9E97266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9E972D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9E972BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9E97290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050225C 7 Bytes JMP B9E97294 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A75C4 7 Bytes JMP B9E972AA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A83DA 5 Bytes JMP B9E972C0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805B6114 5 Bytes JMP B9E97280 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C13F8 5 Bytes JMP B9E971D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C1684 5 Bytes JMP B9E971EC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8DA6 5 Bytes JMP B9E972D4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 8061925E 7 Bytes JMP B9E9726A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 8061A70E 7 Bytes JMP B9E9723E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061ACEC 5 Bytes JMP B9E97214 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061B188 7 Bytes JMP B9E97228 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061B358 7 Bytes JMP B9E97254 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061C0CA 5 Bytes JMP B9E97200 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? jsvi.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9849360, 0x2456AE, 0xE8000020]
.text mrxsmb.sys B6ABD000 13 Bytes JMP B6ABDC0D \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
.text mrxsmb.sys B6ABD00E 13 Bytes [28, 8A, AD, B6, 8B, 0D, F4, ...]
.text mrxsmb.sys B6ABD01C 3 Bytes [85, F4, E5]
.text mrxsmb.sys B6ABD021 44 Bytes [6A, 04, 5B, 39, 1D, 44, B1, ...]
.text mrxsmb.sys B6ABD04F 43 Bytes [68, F0, 8B, AD, B6, 56, E8, ...]
.text ...
? C:\WINDOWS\system32\DRIVERS\mrxsmb.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DC0082
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DC00B1
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DC0F0E
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DC0EF3
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DC0FB9
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DC000A
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DC0F55
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DC0036
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DC0025
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DC0F29
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DB0FD4
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DB0F8D
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DB0025
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DB000A
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DB0F9E
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DB0036
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DB0FB9
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0FA6
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB0FB7
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB001D
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0FC8
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB000C
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00A90000
.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 00A90011
.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 00A90FDB
.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 00A9002C
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DC0000
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DC002C
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DC0011
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E10FAD
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E10098
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E10087
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E1006C
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E10FCA
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E10F88
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E100CE
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E10F52
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E10F63
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E100FC
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E10051
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E10000
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E100B3
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E10036
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E1001B
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E100EB
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E00FAF
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E00F7C
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E0000A
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E00FD4
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E00F8D
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E00FE5
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E00F9E
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [00, 89]
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E00025
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DF0044
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DF0FB9
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DF0FD4
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DF0FEF
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DF0029
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DF000C
.text C:\WINDOWS\system32\svchost.exe[1368] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\system32\svchost.exe[1368] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\svchost.exe[1368] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 00DD0014
.text C:\WINDOWS\system32\svchost.exe[1368] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 00DD0FD4
.text C:\WINDOWS\system32\svchost.exe[1368] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 00DD0FC3
.text C:\WINDOWS\System32\svchost.exe[1448] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 023D0000
.text C:\WINDOWS\System32\svchost.exe[1448] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 023D0036
.text C:\WINDOWS\System32\svchost.exe[1448] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 023D001B
.text C:\WINDOWS\System32\svchost.exe[1448] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 018D000A
.text C:\WINDOWS\System32\svchost.exe[1448] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 018B000C
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025B0000
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025B0087
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025B0F92
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025B0076
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 025B0065
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 025B0FB9
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025B00B5
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025B00A4
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025B0F48
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025B00E1
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025B00FC
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 025B004A
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 025B0FE5
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 025B0F6D
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 025B001B
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 025B0FCA
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 025B00D0
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 025A0FB9
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 025A0F8A
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 025A0000
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 025A0FD4
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 025A0051
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 025A0FE5
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 025A0040
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 025A0025
.text C:\WINDOWS\System32\svchost.exe[1448] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02590F9C
.text C:\WINDOWS\System32\svchost.exe[1448] msvcrt.dll!system 77C293C7 5 Bytes JMP 02590FB7
.text C:\WINDOWS\System32\svchost.exe[1448] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02590FD2
.text C:\WINDOWS\System32\svchost.exe[1448] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02590000
.text C:\WINDOWS\System32\svchost.exe[1448] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0259001D
.text C:\WINDOWS\System32\svchost.exe[1448] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02590FE3
.text C:\WINDOWS\System32\svchost.exe[1448] WS2_32.dll!socket 71AB4211 5 Bytes JMP 023F0FEF
.text C:\WINDOWS\System32\svchost.exe[1448] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 023E0FEF
.text C:\WINDOWS\System32\svchost.exe[1448] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 023E0FD4
.text C:\WINDOWS\System32\svchost.exe[1448] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 023E0FC3
.text C:\WINDOWS\System32\svchost.exe[1448] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 023E0FA8
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00740000
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00740FE5
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0074001B
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00780F61
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780F72
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00780F83
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780F94
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00780FC0
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0078008E
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00780071
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00780F1A
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00780F35
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00780F09
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780FAF
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0078001B
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00780F46
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00780FD1
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0078002C
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007800B3
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00770FCA
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00770F9E
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0077001B
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00770FE5
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0077005B
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0077004A
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00770FB9
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00760F75
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!system 77C293C7 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00760FB5
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00760FE3
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00760F90
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00760FC6
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00750FE5
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 008E0FDE
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 008E0FC3
.text C:\WINDOWS\system32\svchost.exe[1556] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\svchost.exe[1556] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[1556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD0058
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD003D
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD0F63
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD002C
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0F94
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD0F3E
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD007A
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD0EFE
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD00A1
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD00BC
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD001B
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD0069
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD0FAF
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0FCA
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD0F19
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BC0FA8
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BC004A
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BC0FB9
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BC002F
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BC0014
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BC0F8D
.text C:\WINDOWS\system32\svchost.exe[1556] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB0F9C
.text C:\WINDOWS\system32\svchost.exe[1556] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB0FAD
.text C:\WINDOWS\system32\svchost.exe[1556] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB0FD2
.text C:\WINDOWS\system32\svchost.exe[1556] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1556] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB0027
.text C:\WINDOWS\system32\svchost.exe[1556] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00990000
.text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00990022
.text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00990011
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009D0F5E
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009D0F83
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009D0051
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009D0F94
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009D001B
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009D0093
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009D0078
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009D0F0B
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009D00AE
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009D0EFA
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009D0040
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009D0FDE
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009D0F4D
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009D0FC3
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009D0F30
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009C0FB2
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009C0F5A
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009C0FC3
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009C0FD4
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009C0F6B
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009C0FE5
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009C0F86
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BC, 88]
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009C0F97
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009B0F86
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!system 77C293C7 5 Bytes JMP 009B001B
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009B0FE3
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009B0FAB
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009B0FD2
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009A0FE5
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1660] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1660] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0090000A
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00900036
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0090001B
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0084
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0F8F
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0069
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0FAC
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF003D
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0F46
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0F57
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0F10
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0F2B
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF00C4
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF004E
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0FDB
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF0F74
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0022
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0011
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF009F
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0F9E
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE0F4D
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE0FAF
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BE0F68
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DE, 88]
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE0F79
.text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00930036
.text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!system 77C293C7 5 Bytes JMP 00930025
.text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00930FC6
.text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00930FE3
.text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00930FAB
.text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1972] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[1972] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 0091001B
.text C:\WINDOWS\system32\svchost.exe[1972] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 00910FE5
.text C:\WINDOWS\system32\svchost.exe[1972] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 00910FCA
.text C:\WINDOWS\system32\svchost.exe[1972] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\dllhost.exe[2280] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E9000A
.text C:\WINDOWS\system32\dllhost.exe[2280] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E90036
.text C:\WINDOWS\system32\dllhost.exe[2280] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E90025
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0F7C
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0F8D
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED0067
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0F9E
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED0040
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED00AE
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED009D
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED00E4
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED00C9
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ED00FF
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED0FB9
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED000A
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED008C
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED0025
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED0FD4
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED0F4B
.text C:\WINDOWS\system32\dllhost.exe[2280] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB0033
.text C:\WINDOWS\system32\dllhost.exe[2280] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB0022
.text C:\WINDOWS\system32\dllhost.exe[2280] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB0011
.text C:\WINDOWS\system32\dllhost.exe[2280] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0FE3
.text C:\WINDOWS\system32\dllhost.exe[2280] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0FB2
.text C:\WINDOWS\system32\dllhost.exe[2280] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC0FC3
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC0054
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC0FD4
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0FE5
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0F8D
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EC0F9E
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0C, 89] {OR AL, 0x89}
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC002F
.text C:\WINDOWS\system32\dllhost.exe[2280] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\System32\ping.exe[2492] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B4000A
.text C:\WINDOWS\System32\ping.exe[2492] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B5000A
.text C:\WINDOWS\System32\ping.exe[2492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009F000A
.text C:\WINDOWS\System32\ping.exe[2492] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A0000A
.text C:\WINDOWS\System32\ping.exe[2492] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009E000C
.text C:\WINDOWS\System32\ping.exe[2492] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00B8000A
.text C:\WINDOWS\System32\ping.exe[2492] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00B9000A
.text C:\WINDOWS\System32\ping.exe[2492] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00BA000A
.text C:\WINDOWS\System32\ping.exe[2492] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00B7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0462000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0463000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0461000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360025
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360076
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0036005B
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0036000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360036
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370042
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370031
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02CF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02D0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 02CE000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360076
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0036001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360065
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0036000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0036004A
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370F90
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FAB
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0037001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FBC
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0015002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150011
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F64
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F75
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F86
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270F97
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F42
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F53
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700C3
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F20
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270F0F
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270039
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0027000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0027007E
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F31
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360080
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360025
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360065
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0036000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360054
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0037001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370F90
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FAB
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 009E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 009E0025
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 009E0040
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 009E0051
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00A10000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\mfevtps.exe[876] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\WINDOWS\system32\mfevtps.exe[876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3568] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3732] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat AFF4CD20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B6B2C000-B6B46000 (106496 bytes)

#10 Broni

Posted 13 December 2011 - 11:49 PM

Something deeper is going on there.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

#11 slikk24


Posted 14 December 2011 - 06:01 AM

It stated that GMER found a rootkit when the scan finally completed. Going to follow your instructions on repost now. Here is that log. Thanks

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-14 04:55:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-75MSA3 rev.10.01E04
Running: jg7nozx9[1].exe; Driver: C:\DOCUME~1\Libby\LOCALS~1\Temp\fgtdrpob.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9E97210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9E97224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9E97250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9E972A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9E971FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9E971D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9E971E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9E9723A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9E9727C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9E97266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9E972D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9E972BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9E97290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050225C 7 Bytes JMP B9E97294 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A75C4 7 Bytes JMP B9E972AA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A83DA 5 Bytes JMP B9E972C0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805B6114 5 Bytes JMP B9E97280 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C13F8 5 Bytes JMP B9E971D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C1684 5 Bytes JMP B9E971EC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8DA6 5 Bytes JMP B9E972D4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 8061925E 7 Bytes JMP B9E9726A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 8061A70E 7 Bytes JMP B9E9723E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061ACEC 5 Bytes JMP B9E97214 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061B188 7 Bytes JMP B9E97228 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061B358 7 Bytes JMP B9E97254 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061C0CA 5 Bytes JMP B9E97200 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? jsvi.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9849360, 0x2456AE, 0xE8000020]
.text mrxsmb.sys B6ABD000 13 Bytes JMP B6ABDC0D \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
.text mrxsmb.sys B6ABD00E 13 Bytes [28, 8A, AD, B6, 8B, 0D, F4, ...]
.text mrxsmb.sys B6ABD01C 3 Bytes [85, F4, E5]
.text mrxsmb.sys B6ABD021 44 Bytes [6A, 04, 5B, 39, 1D, 44, B1, ...]
.text mrxsmb.sys B6ABD04F 43 Bytes [68, F0, 8B, AD, B6, 56, E8, ...]
.text ...
? C:\WINDOWS\system32\DRIVERS\mrxsmb.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[432] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01FD0000
.text C:\WINDOWS\Explorer.EXE[432] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01FD002C
.text C:\WINDOWS\Explorer.EXE[432] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01FD0011
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03700FEF
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03700068
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03700F69
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03700043
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03700F86
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03700FB2
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03700099
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03700F47
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 037000D9
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 037000BE
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 037000F4
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03700FA1
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03700FDE
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03700F58
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03700FCD
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03700014
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03700F36
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 036F0011
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 036F004E
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 036F0FCA
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 036F0000
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 036F003D
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 036F0FEF
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 036F0F9B
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8F, 8B]
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 036F0022
.text C:\WINDOWS\Explorer.EXE[432] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 024A0F8B
.text C:\WINDOWS\Explorer.EXE[432] msvcrt.dll!system 77C293C7 5 Bytes JMP 024A0FA6
.text C:\WINDOWS\Explorer.EXE[432] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 024A0FC1
.text C:\WINDOWS\Explorer.EXE[432] msvcrt.dll!_open 77C2F566 5 Bytes JMP 024A0FE3
.text C:\WINDOWS\Explorer.EXE[432] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 024A0016
.text C:\WINDOWS\Explorer.EXE[432] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 024A0FD2
.text C:\WINDOWS\Explorer.EXE[432] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 01FE0FEF
.text C:\WINDOWS\Explorer.EXE[432] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 01FE0FD4
.text C:\WINDOWS\Explorer.EXE[432] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 01FE0014
.text C:\WINDOWS\Explorer.EXE[432] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 01FE002F
.text C:\WINDOWS\Explorer.EXE[432] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01FF0FEF
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006B000A
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006B002C
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006B001B
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00740FEF
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0074006F
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00740054
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00740F7C
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0074002F
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00740F9E
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00740F49
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00740091
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007400E2
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007400C7
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007400F3
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00740F8D
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0074000A
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00740080
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00740FB9
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00740FD4
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007400B6
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006E0025
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006E0051
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006E0FCA
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006E0FE5
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006E0F94
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006E0000
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED0067
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0F9E
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED0040
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED00AE
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED009D
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED00E4
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED00C9
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ED00FF
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED0FB9
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED000A
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED008C
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED0025
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED0FD4
.text C:\WINDOWS\system32\dllhost.exe[2280] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED0F4B
.text C:\WINDOWS\system32\dllhost.exe[2280] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB0033
.text C:\WINDOWS\system32\dllhost.exe[2280] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB0022
.text C:\WINDOWS\system32\dllhost.exe[2280] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB0011
.text C:\WINDOWS\system32\dllhost.exe[2280] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0FE3
.text C:\WINDOWS\system32\dllhost.exe[2280] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0FB2
.text C:\WINDOWS\system32\dllhost.exe[2280] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC0FC3
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC0054
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC0FD4
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0FE5
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0F8D
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EC0F9E
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0C, 89] {OR AL, 0x89}
.text C:\WINDOWS\system32\dllhost.exe[2280] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC002F
.text C:\WINDOWS\system32\dllhost.exe[2280] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\System32\ping.exe[2492] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B4000A
.text C:\WINDOWS\System32\ping.exe[2492] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B5000A
.text C:\WINDOWS\System32\ping.exe[2492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009F000A
.text C:\WINDOWS\System32\ping.exe[2492] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A0000A
.text C:\WINDOWS\System32\ping.exe[2492] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009E000C
.text C:\WINDOWS\System32\ping.exe[2492] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00B8000A
.text C:\WINDOWS\System32\ping.exe[2492] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00B9000A
.text C:\WINDOWS\System32\ping.exe[2492] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00BA000A
.text C:\WINDOWS\System32\ping.exe[2492] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00B7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0462000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0463000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0461000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360025
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360076
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0036005B
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0036000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360036
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370042
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370031
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3568] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02CF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02D0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 02CE000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360076
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0036001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360065
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0036000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0036004A
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370F90
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FAB
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0037001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FBC
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3732] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0015002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150011
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F64
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F75
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F86
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270F97
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F42
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F53
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700C3
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F20
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270F0F
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270039
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0027000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0027007E
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F31
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360080
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360025
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360065
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0036000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360054
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0037001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370F90
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FAB
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 009E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 009E0025
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 009E0040
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 009E0051
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00A10000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\mfevtps.exe[876] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\WINDOWS\system32\mfevtps.exe[876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3568] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3732] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat AFF4CD20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B6B2C000-B6B46000 (106496 bytes)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MTNXE2C3\csjs[1] 4043 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Z8M8VYVY\play-free-flash-game-neon2-5[1].jpg 17183 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Z8M8VYVY\blue-title-bg[1].gif 1672 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502 0 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\bckfg.tmp 850 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\cfg.ini 208 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\keywords 131 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\L 0 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\L\jzfaoxfl 456320 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\U 0 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB34380$\2617383502\U\80000032.@ 98304 bytes
File C:\WINDOWS\$NtUninstallKB34380$\654447733 0 bytes

---- EOF - GMER 1.0.15 ----

#12 Broni


Posted 14 December 2011 - 05:34 PM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.



#13 slikk24


Posted 15 December 2011 - 02:19 PM

Started a new topic under Infected by a Rootkit



