
Getting rid of goonsearch



#1 MsMariee


Posted 05 January 2012 - 01:09 AM

So basically, randomly one day as I decide to use Google Chrome, my browser starts the search engine "goon search" and recently, I've changed my homepage back to Google but sometimes it goes back to goon search. I need help please. What type of infection is this?


 


#2 Broni


Posted 05 January 2012 - 09:42 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE
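
Added example, not part of the original posts and not code from MiniToolBox or its author: a short Python triage of three of the report sections requested above (IE proxy, Hosts, Winsock), since each is a place where a search redirect can be configured. The sample report is constructed; the section header layout and the "Proxy is not enabled." line follow the report format shown in this thread, and the C:\Windows\system32 prefix is an assumption about the system drive.

```python
import re

# Constructed sample in the section layout of a MiniToolBox report.
# The 203.0.113.7 redirect and the "Example Vendor" DLL are made up.
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 www.google.com
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Program Files\Example\lsp.dll [40960] (Example Vendor)
"""

# A section header is a title framed by runs of '='; lines made only of '='
# (as used inside the route tables) must not start a new section.
HEADER = re.compile(r"^={5,}\s*([^=]+?)\s*={5,}\s*$")
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")
LOOPBACK = {"127.0.0.1", "::1"}
SYSTEM32 = "c:\\windows\\system32\\"  # assumption: Windows is installed on C:


def parse_sections(log):
    """Split a report into {lower-cased section title: [non-empty lines]}."""
    sections, current = {}, None
    for line in log.splitlines():
        match = HEADER.match(line)
        if match:
            current = match.group(1).rstrip(":").strip().lower()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def proxy_findings(lines):
    """Report the section when it lacks the 'not enabled' line of a clean log."""
    if lines and "Proxy is not enabled." not in lines:
        return ["proxy: " + " | ".join(lines)]
    return []


def hosts_findings(lines):
    """Flag every hosts mapping except localhost -> loopback."""
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            if ip in LOOPBACK and name.lower() == "localhost":
                continue
            # Loopback targets block a name; other targets redirect it.
            kind = "block" if ip in LOOPBACK else "redirect"
            findings.append(f"hosts {kind}: {name} -> {ip}")
    return findings


def winsock_findings(lines):
    """Flag providers outside system32 or not labelled Microsoft Corporation.

    The vendor text is only a label in the log, so a flagged entry is a
    prompt to inspect the file, not a verdict either way.
    """
    findings = []
    for line in lines:
        match = WINSOCK.match(line)
        if not match:
            continue
        catalog, index, path, vendor = match.groups()
        in_system32 = path.lower().startswith(SYSTEM32)
        if not in_system32 or vendor != "Microsoft Corporation":
            findings.append(f"winsock provider: {catalog} {index} {path} ({vendor})")
    return findings


def triage(log):
    """Run the three checks over one pasted report and return the findings."""
    sections = parse_sections(log)
    return (proxy_findings(sections.get("ie proxy settings", []))
            + hosts_findings(sections.get("hosts content", []))
            + winsock_findings(sections.get("winsock entries", [])))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
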

 


#3 MsMariee


Posted 08 January 2012 - 07:03 PM

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
McAfee Security Center
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 29
Out of date Java installed!
Adobe Flash Player ( 10.1.53.64) Flash Player Out of Date!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
``````````End of Log````````````

Farbar Service Scanner
Ran by (administrator) on 08-01-2012 at 18:59:06
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

MiniToolBox by Farbar
Ran by Dyisha (administrator) on 08-01-2012 at 19:00:11
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection (Disconnected)
Atheros AR5007 802.11b/g WiFi Adapter = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Pretty-N-Pink
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 06-24-2C-9C-D3-A0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
Physical Address. . . . . . . . . : 00-24-2C-9C-D3-A0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::449:cdc6:8384:c8dd%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, January 08, 2012 5:29:25 PM
Lease Expires . . . . . . . . . . : Thursday, February 15, 2148 1:28:48 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 218113068
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-B4-77-2B-00-24-2C-9C-D3-A0
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : 00-1F-16-D2-CE-AF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F3D8D0B2-A6C1-44F9-BCF1-7506BA41F8F7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 30:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2077:3de6:bbce:81e1(Preferred)
Link-local IPv6 Address . . . . . : fe80::2077:3de6:bbce:81e1%35(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Reusable ISATAP Interface {C563E791-56B8-4565-8AB4-AB9D54047B1B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server:
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.115.106
74.125.115.99
74.125.115.147
74.125.115.105
74.125.115.104
74.125.115.103


Pinging google.com [74.125.113.106] with 32 bytes of data:
Reply from 74.125.113.106: bytes=32 time=41ms TTL=50
Reply from 74.125.113.106: bytes=32 time=29ms TTL=50

Ping statistics for 74.125.113.106:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 41ms, Average = 35ms
Server:
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=72ms TTL=48
Reply from 209.191.122.70: bytes=32 time=57ms TTL=48

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 57ms, Maximum = 72ms, Average = 64ms
Server:
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...06 24 2c 9c d3 a0 ......Microsoft Virtual WiFi Miniport Adapter
10...00 24 2c 9c d3 a0 ......Atheros AR5007 802.11b/g WiFi Adapter
9...00 1f 16 d2 ce af ......NVIDIA nForce 10/100/1000 Mbps Ethernet
1...........................Software Loopback Interface 1
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
35...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
36...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.4 281
192.168.2.4 255.255.255.255 On-link 192.168.2.4 281
192.168.2.255 255.255.255.255 On-link 192.168.2.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
35 58 ::/0 On-link
1 306 ::1/128 On-link
35 58 2001::/32 On-link
35 306 2001:0:4137:9e76:2077:3de6:bbce:81e1/128
On-link
10 281 fe80::/64 On-link
35 306 fe80::/64 On-link
10 281 fe80::449:cdc6:8384:c8dd/128
On-link
35 306 fe80::2077:3de6:bbce:81e1/128
On-link
1 306 ff00::/8 On-link
35 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/08/2012 05:32:52 PM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (01/08/2012 05:30:08 PM) (Source: CVHSVC) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (01/05/2012 08:51:46 PM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (01/05/2012 08:50:47 PM) (Source: CVHSVC) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (01/05/2012 00:34:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
Faulting module name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
Exception code: 0x40000015
Fault offset: 0x0008d1c0
Faulting process id: 0xddc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/05/2012 00:13:50 AM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (01/05/2012 00:12:30 AM) (Source: CVHSVC) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (01/04/2012 11:26:34 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Failed to make the SOAP Call HResult: 0x800c0005. Exception caught while trying to report the Update Event

Error: (01/04/2012 11:26:33 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/04/2012 11:18:58 PM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml


System errors:
=============
Error: (01/08/2012 05:30:44 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (01/08/2012 05:30:44 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (01/08/2012 05:30:44 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (01/08/2012 05:30:44 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (01/08/2012 05:30:44 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (01/08/2012 05:30:44 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (01/08/2012 05:30:44 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (01/08/2012 05:30:44 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (01/08/2012 05:30:44 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (01/08/2012 05:30:36 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535


Microsoft Office Sessions:
=========================
Error: (01/08/2012 05:32:52 PM) (Source: HP AdvisorUpdate)(User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (01/08/2012 05:30:08 PM) (Source: CVHSVC)(User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (01/05/2012 08:51:46 PM) (Source: HP AdvisorUpdate)(User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (01/05/2012 08:50:47 PM) (Source: CVHSVC)(User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (01/05/2012 00:34:00 AM) (Source: Application Error)(User: )
Description: iexplore.exe0.0.0.04e06cfe8iexplore.exe0.0.0.04e06cfe8400000150008d1c0ddc01cccb6b9f11e8c0C:\32788R22FWJFW\License\iexplore.exeC:\32788R22FWJFW\License\iexplore.exede793360-375e-11e1-816b-d20bfe7ac737

Error: (01/05/2012 00:13:50 AM) (Source: HP AdvisorUpdate)(User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (01/05/2012 00:12:30 AM) (Source: CVHSVC)(User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (01/04/2012 11:26:34 PM) (Source: CVHSVC)(User: )
Description: Error: Failed to make the SOAP Call HResult: 0x800c0005. Exception caught while trying to report the Update Event

Error: (01/04/2012 11:26:33 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/04/2012 11:18:58 PM) (Source: HP AdvisorUpdate)(User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 1.1.0)
32 Bit HP CIO Components Installer (Version: 7.1.8)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 2.7.1.19610)
Adobe Community Help (Version: 3.4.980)
Adobe Download Assistant (Version: 1.0.2)
Adobe Flash Player 10 Plugin (Version: 10.1.53.64)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player (Version: 11.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Atheros Driver Installation Program (Version: 5.2)
bProtector for Windows
BufferChm (Version: 120.0.194.000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant HD Audio (Version: 4.58.1.0)
Copy (Version: 120.0.194.000)
CyberLink DVD Suite (Version: 6.0.2203)
CyberLink YouCam (Version: 2.0.2328)
dBpoweramp Music Converter (Version: Release 13.5)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 120.0.194.000)
DJ_AIO_05_F4400_Software_Min (Version: 120.0.235.000)
ESU for Microsoft Vista (Version: 1.0.0)
F4400 (Version: 120.0.235.000)
Google Update Helper (Version: 1.3.21.79)
GPBaseService2 (Version: 130.0.371.000)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
HP Active Support Library (Version: 3.1.9.1)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP Customer Participation Program 12.0 (Version: 12.0)
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5 (Version: 12.0)
HP Doc Viewer (Version: 1.03.0001)
HP DVD Play 3.7 (Version: 3.7.0.5723)
HP Help and Support (Version: 2.1.1.0)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Quick Launch Buttons 6.40 H2 (Version: 6.40 H2)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Total Care Advisor (Version: 2.4.4941.2798)
HP Total Care Setup (Version: 1.1.1983.2818)
HP Update (Version: 5.002.006.003)
HP User Guides 0118 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.00 K2)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPDiagnosticAlert (Version: 1.00.0000)
HPNetworkAssistant (Version: 1.1.70)
HPPhotoGadget (Version: 120.0.150.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 120.0.194.000)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Juno Preloader (Version: 1.0.0)
LabelPrint (Version: 2.5.0926)
LightScribe System Software 1.14.17.1 (Version: 1.14.17.1)
LiveUpdate (Symantec Corporation) (Version: 3.4.1.238)
MarketResearch (Version: 120.0.226.000)
McAfee Security Center (Version: 11.0.649)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2010 - English (Version: 14.0.5139.5005)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee Reveal (Version: 7.0.35.6951)
My HP Games (Version: 1.0.0.62)
NCH Tone Generator
NCH Toolbox
NetWaiting (Version: 2.5.52)
NetZero Preloader (Version: 1.0.0)
Norton Internet Security (Version: 16.0.0.125)
NVIDIA Drivers (Version: 1.10.62.40)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
ooVoo (Version: 2.9.0105)
PhotoScape
Power2Go (Version: 6.0.2202)
PowerDirector (Version: 7.0.2201)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.69.80.9)
Realtek USB 2.0 Card Reader (Version: 3.0.1.3)
SafeConnect
Scan (Version: 12.0.0.0)
Shop for HP Supplies (Version: 12)
Skype™ 5.5 (Version: 5.5.115)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 120.0.194.000)
Synaptics Pointing Device Driver (Version: 11.1.3.0)
Toolbox (Version: 120.0.194.000)
TrayApp (Version: 120.0.194.000)
Viewpoint Media Player
WebReg (Version: 120.0.194.000)
WinAce Archiver (Version: 2.69)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live OneCare safety scanner (Version: 1.0.0.0)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 2814.43 MB
Available physical RAM: 1869.49 MB
Total Pagefile: 5628.85 MB
Available Pagefile: 4331.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.57 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:287.17 GB) (Free:229.38 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.78 GB) NTFS
3 Drive e: (MOMO) (Removable) (Total:3.65 GB) (Free:3.6 GB) FAT32
5 Drive g: () (Removable) (Total:0.93 GB) (Free:0.67 GB) FAT

========================= Users: ========================================

User accounts for \\PRETTY-N-PINK

Administrator Dyisha Guest


**** End of log ****

#4 MsMariee

Posted 08 January 2012 - 07:23 PM

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.08.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Dyisha :: PRETTY-N-PINK [administrator]

Protection: Disabled

1/8/2012 7:06:15 PM
mbam-log-2012-01-08 (19-06-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196283
Time elapsed: 11 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#5 MsMariee

Posted 08 January 2012 - 09:15 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-08 21:07:37
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 ST9320320AS rev.HP07
Running: z52jb78k.exe; Driver: C:\Users\Dyisha\AppData\Local\Temp\axdcakob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8AC7D498]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8AC7D4C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8AC7D4AE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8AC7D484]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 832675C5 5 Bytes JMP 8AC7D488 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKey + 13D1 83279369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832B2D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\svchost.exe[312] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 00040FEF
.text C:\Windows\System32\svchost.exe[312] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 00040025
.text C:\Windows\System32\svchost.exe[312] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 0004000A
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 00010F6F
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 000100F0
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 000100DF
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 00010FD4
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 00010076
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 00010FA8
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 00010065
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 0001010B
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 0001004A
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 000100B3
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00010FEF
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 0001000A
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00010FB9
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 00010098
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 0001001B
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 000100CE
.text C:\Windows\System32\svchost.exe[312] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 00010087
.text C:\Windows\System32\svchost.exe[312] msvcrt.dll!_open 76407E48 5 Bytes JMP 000F0FEF
.text C:\Windows\System32\svchost.exe[312] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 000F003B
.text C:\Windows\System32\svchost.exe[312] msvcrt.dll!system 7643B16F 5 Bytes JMP 000F0FA6
.text C:\Windows\System32\svchost.exe[312] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 000F0FD2
.text C:\Windows\System32\svchost.exe[312] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 000F0FB7
.text C:\Windows\System32\svchost.exe[312] msvcrt.dll!_wopen 76440570 5 Bytes JMP 000F000C
.text C:\Windows\System32\svchost.exe[312] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 00100FEF
.text C:\Windows\System32\svchost.exe[312] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 00100FAF
.text C:\Windows\System32\svchost.exe[312] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 00100047
.text C:\Windows\System32\svchost.exe[312] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 00100036
.text C:\Windows\System32\svchost.exe[312] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 0010000A
.text C:\Windows\System32\svchost.exe[312] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 00100058
.text C:\Windows\System32\svchost.exe[312] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 00100FCA
.text C:\Windows\System32\svchost.exe[312] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 0010001B
.text C:\Windows\system32\services.exe[528] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 00330FEF
.text C:\Windows\system32\services.exe[528] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 00330025
.text C:\Windows\system32\services.exe[528] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 0033000A
.text C:\Windows\system32\services.exe[528] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 00360F83
.text C:\Windows\system32\services.exe[528] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 003600F3
.text C:\Windows\system32\services.exe[528] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 003600D8
.text C:\Windows\system32\services.exe[528] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 00360FDE

.text C:\Windows\system32\services.exe[528] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 0036006C
.text C:\Windows\system32\services.exe[528] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 0036004A
.text C:\Windows\system32\services.exe[528] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 0036005B
.text C:\Windows\system32\services.exe[528] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 00360F43
.text C:\Windows\system32\services.exe[528] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00360FC3
.text C:\Windows\system32\services.exe[528] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 00360F68
.text C:\Windows\system32\services.exe[528] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 0036000A
.text C:\Windows\system32\services.exe[528] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 00360FEF
.text C:\Windows\system32\services.exe[528] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00360FB2
.text C:\Windows\system32\services.exe[528] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 003600A2
.text C:\Windows\system32\services.exe[528] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 00360025
.text C:\Windows\system32\services.exe[528] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 003600C7
.text C:\Windows\system32\services.exe[528] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 00360091
.text C:\Windows\system32\services.exe[528] msvcrt.dll!_open 76407E48 5 Bytes JMP 00340FEF
.text C:\Windows\system32\services.exe[528] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 00340038
.text C:\Windows\system32\services.exe[528] msvcrt.dll!system 7643B16F 5 Bytes JMP 00340027
.text C:\Windows\system32\services.exe[528] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 00340FC1
.text C:\Windows\system32\services.exe[528] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 00340016
.text C:\Windows\system32\services.exe[528] msvcrt.dll!_wopen 76440570 5 Bytes JMP 00340FD2
.text C:\Windows\system32\services.exe[528] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 00530FEF
.text C:\Windows\system32\services.exe[528] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 00530FC3
.text C:\Windows\system32\services.exe[528] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 0053004A
.text C:\Windows\system32\services.exe[528] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 00530FA8
.text C:\Windows\system32\services.exe[528] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 00530FDE
.text C:\Windows\system32\services.exe[528] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 00530F8D
.text C:\Windows\system32\services.exe[528] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 0053002F
.text C:\Windows\system32\services.exe[528] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 0053001E
.text C:\Windows\system32\services.exe[528] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 00690FE5
.text C:\Windows\system32\lsass.exe[544] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 00190FEF
.text C:\Windows\system32\lsass.exe[544] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 00190FD4
.text C:\Windows\system32\lsass.exe[544] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 0019000A
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 0018009B
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 00180F3F
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 001800D4
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 0018001B
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 00180F97
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 0018005B
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 00180FA8
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 001800E5
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00180040
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 00180F61
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00180FEF
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 00180000
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00180FB9
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 0018008A
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 00180FCA
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 00180F50
.text C:\Windows\system32\lsass.exe[544] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 00180F7C
.text C:\Windows\system32\lsass.exe[544] msvcrt.dll!_open 76407E48 5 Bytes JMP 001A0000
.text C:\Windows\system32\lsass.exe[544] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 001A0047
.text C:\Windows\system32\lsass.exe[544] msvcrt.dll!system 7643B16F 5 Bytes JMP 001A0FBC
.text C:\Windows\system32\lsass.exe[544] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 001A0022
.text C:\Windows\system32\lsass.exe[544] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 001A0FCD
.text C:\Windows\system32\lsass.exe[544] msvcrt.dll!_wopen 76440570 5 Bytes JMP 001A0011
.text C:\Windows\system32\lsass.exe[544] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 007E0FEF
.text C:\Windows\system32\lsass.exe[544] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 007E005B
.text C:\Windows\system32\lsass.exe[544] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 007E0FAF
.text C:\Windows\system32\lsass.exe[544] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 007E0FD4
.text C:\Windows\system32\lsass.exe[544] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 007E000A
.text C:\Windows\system32\lsass.exe[544] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 007E0F94
.text C:\Windows\system32\lsass.exe[544] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 007E0040
.text C:\Windows\system32\lsass.exe[544] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 007E001B
.text C:\Windows\system32\lsass.exe[544] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 00790FE5
.text C:\Windows\system32\svchost.exe[656] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 00580000
.text C:\Windows\system32\svchost.exe[656] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 00580022
.text C:\Windows\system32\svchost.exe[656] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 00580011
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 00430087
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 004300BA
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 004300A9

.text C:\Windows\system32\svchost.exe[656] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 0043001B
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 00430F6F
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 0043003D
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 00430F8A
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 004300D5
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00430FAF
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 00430F43
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00430FD4
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 00430FEF
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 0043002C
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 00430F5E
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 0043000A
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 00430098
.text C:\Windows\system32\svchost.exe[656] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 00430062
.text C:\Windows\system32\svchost.exe[656] msvcrt.dll!_open 76407E48 5 Bytes JMP 00590000
.text C:\Windows\system32\svchost.exe[656] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 0059005A
.text C:\Windows\system32\svchost.exe[656] msvcrt.dll!system 7643B16F 5 Bytes JMP 00590049
.text C:\Windows\system32\svchost.exe[656] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 00590027
.text C:\Windows\system32\svchost.exe[656] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 00590038
.text C:\Windows\system32\svchost.exe[656] msvcrt.dll!_wopen 76440570 5 Bytes JMP 00590FE3
.text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 00A10FE5
.text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 00A10FA5
.text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 00A10F8A
.text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 00A1002C
.text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 00A10FD4
.text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 00A10F79
.text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 00A1001B
.text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 00A1000A
.text C:\Windows\system32\svchost.exe[656] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 00980FEF
.text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 00250000
.text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 00250FDE
.text C:\Windows\system32\svchost.exe[764] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 00250FEF
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 002400C7
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 00240104
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 002400F3
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 00240025
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 00240080
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 00240065
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 00240FA8
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 0024011F
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00240036
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 00240F83
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00240FDB
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 00240000
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00240FB9
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 002400B6
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 00240FCA
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 002400E2
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 00240091
.text C:\Windows\system32\svchost.exe[764] msvcrt.dll!_open 76407E48 5 Bytes JMP 002A0FEF
.text C:\Windows\system32\svchost.exe[764] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 002A004E
.text C:\Windows\system32\svchost.exe[764] msvcrt.dll!system 7643B16F 5 Bytes JMP 002A003D
.text C:\Windows\system32\svchost.exe[764] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 002A0022
.text C:\Windows\system32\svchost.exe[764] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 002A0FCD
.text C:\Windows\system32\svchost.exe[764] msvcrt.dll!_wopen 76440570 5 Bytes JMP 002A0FDE
.text C:\Windows\system32\svchost.exe[764] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 00300FEF
.text C:\Windows\system32\svchost.exe[764] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 00300040
.text C:\Windows\system32\svchost.exe[764] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 0030006C
.text C:\Windows\system32\svchost.exe[764] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 00300051
.text C:\Windows\system32\svchost.exe[764] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 00300014
.text C:\Windows\system32\svchost.exe[764] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 00300FAF
.text C:\Windows\system32\svchost.exe[764] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 00300FD4
.text C:\Windows\system32\svchost.exe[764] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 00300025
.text C:\Windows\system32\svchost.exe[764] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 002F000A
.text C:\Windows\System32\svchost.exe[780] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 00180000
.text C:\Windows\System32\svchost.exe[780] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 0018002C
.text C:\Windows\System32\svchost.exe[780] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 00180011
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 00160F43
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 001600AC

.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 00160F0D
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreateNamedPipeW 778A2D47 3 Bytes JMP 00160FB9
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreateNamedPipeW + 4 778A2D4B 1 Byte [88]
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 00160F68
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 00160F8D
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 0016004A
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 001600C7
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00160025
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 00160F28
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00160FDE
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 00160FEF
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00160F9E
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 0016006C
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 0016000A
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 00160087
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 0016005B
.text C:\Windows\System32\svchost.exe[780] msvcrt.dll!_open 76407E48 5 Bytes JMP 00190000
.text C:\Windows\System32\svchost.exe[780] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 00190F9C
.text C:\Windows\System32\svchost.exe[780] msvcrt.dll!system 7643B16F 5 Bytes JMP 0019001D
.text C:\Windows\System32\svchost.exe[780] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 00190FC8
.text C:\Windows\System32\svchost.exe[780] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 00190FB7
.text C:\Windows\System32\svchost.exe[780] msvcrt.dll!_wopen 76440570 5 Bytes JMP 00190FE3
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 0017000A
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 00170FD4
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 00170065
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 00170FB9
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 00170025
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 00170F9E
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 00170040
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 00170FEF
.text C:\Windows\System32\svchost.exe[780] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 001A0000
.text C:\Windows\System32\svchost.exe[824] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 007B000A
.text C:\Windows\System32\svchost.exe[824] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 007B0FE5
.text C:\Windows\System32\svchost.exe[824] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 007B001B
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 006900CE
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 00690F5E
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 006900F3
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 0069002C
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 00690FCA
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 00690087
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 006900A2
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 0069010E
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00690047
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 00690F8A
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00690FEF
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 0069000A
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00690062
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 006900BD
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 0069001B
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 00690F79
.text C:\Windows\System32\svchost.exe[824] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 00690FAF
.text C:\Windows\System32\svchost.exe[824] msvcrt.dll!_open 76407E48 5 Bytes JMP 00AD000C
.text C:\Windows\System32\svchost.exe[824] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 00AD003D
.text C:\Windows\System32\svchost.exe[824] msvcrt.dll!system 7643B16F 5 Bytes JMP 00AD0FB2
.text C:\Windows\System32\svchost.exe[824] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 00AD0FDE
.text C:\Windows\System32\svchost.exe[824] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 00AD0FCD
.text C:\Windows\System32\svchost.exe[824] msvcrt.dll!_wopen 76440570 5 Bytes JMP 00AD0FEF
.text C:\Windows\System32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 00AF0000
.text C:\Windows\System32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 00AF0047
.text C:\Windows\System32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 00AF0FC0
.text C:\Windows\System32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 00AF0058
.text C:\Windows\System32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 00AF0011
.text C:\Windows\System32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 00AF0FAF
.text C:\Windows\System32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 00AF0FE5
.text C:\Windows\System32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 00AF0036
.text C:\Windows\System32\svchost.exe[824] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 00AE0000
.text C:\Windows\System32\svchost.exe[856] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 00B1000A
.text C:\Windows\System32\svchost.exe[856] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 00B1001B
.text C:\Windows\System32\svchost.exe[856] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 00B10FE5
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 00730F9E
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 0073010A
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 00730F6B
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 00730036
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 007300A2
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 00730087
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 00730FCA
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 00730F5A
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00730051
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 00730F8D
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 0073001B
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 00730000
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00730076
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 00730FAF
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 00730FE5
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 00730F7C
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 007300BD
.text C:\Windows\System32\svchost.exe[856] msvcrt.dll!_open 76407E48 5 Bytes JMP 00C70FE3
.text C:\Windows\System32\svchost.exe[856] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 00C70047
.text C:\Windows\System32\svchost.exe[856] msvcrt.dll!system 7643B16F 5 Bytes JMP 00C70FBC
.text C:\Windows\System32\svchost.exe[856] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 00C70011
.text C:\Windows\System32\svchost.exe[856] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 00C70022
.text C:\Windows\System32\svchost.exe[856] msvcrt.dll!_wopen 76440570 5 Bytes JMP 00C70000
.text C:\Windows\System32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 00C90FE5
.text C:\Windows\System32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 00C90036
.text C:\Windows\System32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 00C90FA5
.text C:\Windows\System32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 00C90047
.text C:\Windows\System32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 00C90FD4
.text C:\Windows\System32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 00C90058
.text C:\Windows\System32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 00C90025
.text C:\Windows\System32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 00C90014
.text C:\Windows\System32\svchost.exe[856] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 00C80FEF
.text C:\Windows\system32\svchost.exe[900] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 00F60FEF
.text C:\Windows\system32\svchost.exe[900] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 00F60014
.text C:\Windows\system32\svchost.exe[900] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 00F60FDE
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 00F50F68
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 00F500C7
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 00F500B6
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 00F50040
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 00F50F94
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 00F5006C
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 00F50FAF
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 00F500D8
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00F50051
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 00F50F4D
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00F5001B
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 00F50000
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00F50FD4
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 00F50087
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 00F50FEF
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 00F50F3C
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 00F50F83
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_open 76407E48 5 Bytes JMP 00FB0000
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 00FB003F
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!system 7643B16F 5 Bytes JMP 00FB002E
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 00FB0FE3
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 00FB0FC8
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_wopen 76440570 5 Bytes JMP 00FB001D
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 01090FEF
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 01090036
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 0109005B
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 01090FAF
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 01090FCA
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 0109006C
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 01090025
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 01090000
.text C:\Windows\system32\svchost.exe[900] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 01040FE5
.text C:\Windows\system32\svchost.exe[1108] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\svchost.exe[1108] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 001A0014
.text C:\Windows\system32\svchost.exe[1108] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 001A0FDE
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 00190087
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 00190F0D
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 001900A2
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 00190F94
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 00190051
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 0019001B
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 00190040
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 001900BD
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00190F79
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 00190F43
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00190FCA
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 00190FEF
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00190000
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreatePipe 778D12A6 3 Bytes JMP 00190F5E
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreatePipe + 4 778D12AA 1 Byte [88]
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 00190FAF
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 00190F28
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 0019006C
.text C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_open 76407E48 5 Bytes JMP 00560FE3
.text C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 0056002F
.text C:\Windows\system32\svchost.exe[1108] msvcrt.dll!system 7643B16F 5 Bytes JMP 00560F9A
.text C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 00560FC6
.text C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 00560FB5
.text C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_wopen 76440570 5 Bytes JMP 00560000
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 005C0000
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 005C0FA8
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 005C0F7C
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 005C0F97
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 005C0FE5
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 005C0F61
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 005C0FC3
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 005C0FD4
.text C:\Windows\system32\svchost.exe[1108] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 00570000
.text C:\Windows\System32\svchost.exe[1204] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 00130FEF
.text C:\Windows\System32\svchost.exe[1204] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 00130000
.text C:\Windows\System32\svchost.exe[1204] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 00130FD4
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 00110F65
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 00110F36
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 001100CB
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 00110FCA
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 00110062
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 00110051
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 00110F94
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 001100F0
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00110FAF
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 001100A9
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00110FEF
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 00110000
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00110036
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 00110098
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 0011001B
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 001100BA
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 00110087
.text C:\Windows\System32\svchost.exe[1204] msvcrt.dll!_open 76407E48 5 Bytes JMP 00140000
.text C:\Windows\System32\svchost.exe[1204] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 00140FDE
.text C:\Windows\System32\svchost.exe[1204] msvcrt.dll!system 7643B16F 5 Bytes JMP 0014005F
.text C:\Windows\System32\svchost.exe[1204] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 00140029
.text C:\Windows\System32\svchost.exe[1204] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 00140044
.text C:\Windows\System32\svchost.exe[1204] msvcrt.dll!_wopen 76440570 5 Bytes JMP 00140FEF
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 00120FEF
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 00120036
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 00120047
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 00120FAF
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 00120FD4
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 00120F8A
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 00120025
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 0012000A
.text C:\Windows\System32\svchost.exe[1204] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 00210FEF
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 00620FEF
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 0062002F
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 00620014
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 005D00B3
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 005D010E
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 005D00F3
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 005D0FDB
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 005D0F94
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 005D0FA5
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 005D006C
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 005D0F5E
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 005D0047
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 005D00D8
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 005D0011
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 005D0000
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 005D0FC0
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 005D00A2
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 005D002C
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 005D0F79
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 005D0087
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_open 76407E48 5 Bytes JMP 00630FEF
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 00630049
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!system 7643B16F 5 Bytes JMP 00630038
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 0063001D
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 00630FC8
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wopen 76440570 5 Bytes JMP 0063000C
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 00690000
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 00690044
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 00690FA2
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 00690FBD
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 00690011
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 00690F91
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 00690033
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 00690022
.text C:\Windows\system32\svchost.exe[1272] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 0068000A
.text C:\Windows\Explorer.EXE[1496] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 00680FEF
.text C:\Windows\Explorer.EXE[1496] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 0068000A
.text C:\Windows\Explorer.EXE[1496] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 00680FD4
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 00670F6F
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 006700E9
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 006700D8
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 0067001B
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 0067007D
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 00670062
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 00670F9B
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 006700FA
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00670036
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 00670F54
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00670000
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 00670FEF
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00670051
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 00670098
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 00670FCA
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 006700B3
.text C:\Windows\Explorer.EXE[1496] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 00670F8A
.text C:\Windows\Explorer.EXE[1496] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 006E0FEF
.text C:\Windows\Explorer.EXE[1496] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 006E0040
.text C:\Windows\Explorer.EXE[1496] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 006E0FA8
.text C:\Windows\Explorer.EXE[1496] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 006E0FC3
.text C:\Windows\Explorer.EXE[1496] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 006E0FDE
.text C:\Windows\Explorer.EXE[1496] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 006E006F
.text C:\Windows\Explorer.EXE[1496] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 006E002F
.text C:\Windows\Explorer.EXE[1496] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 006E0014
.text C:\Windows\Explorer.EXE[1496] msvcrt.dll!_open 76407E48 5 Bytes JMP 00690000
.text C:\Windows\Explorer.EXE[1496] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 0069003D
.text C:\Windows\Explorer.EXE[1496] msvcrt.dll!system 7643B16F 5 Bytes JMP 0069002C
.text C:\Windows\Explorer.EXE[1496] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 00690011
.text C:\Windows\Explorer.EXE[1496] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 00690FB2
.text C:\Windows\Explorer.EXE[1496] msvcrt.dll!_wopen 76440570 5 Bytes JMP 00690FD7
.text C:\Windows\Explorer.EXE[1496] WININET.dll!InternetOpenA 76214E3C 5 Bytes JMP 031E0000
.text C:\Windows\Explorer.EXE[1496] WININET.dll!InternetOpenUrlA 7621BFDE 5 Bytes JMP 031E001B
.text C:\Windows\Explorer.EXE[1496] WININET.dll!InternetOpenW 7624C126 5 Bytes JMP 031E0FE5
.text C:\Windows\Explorer.EXE[1496] WININET.dll!InternetOpenUrlW 7627D8D2 5 Bytes JMP 031E0036
.text C:\Windows\Explorer.EXE[1496] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 02F60000
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 00C10FE5
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 00C10FC3
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 00C10FD4
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!GetStartupInfoA 77871E10 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 00C00F14
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 00C0009F
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 00C0008E
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 00C00011
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 00C00022
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 00C00F6F
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 00C00F54
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 00C00EE5
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00C00FA5
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 00C00058
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00C00FD4
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 00C00FE5
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00C00F80
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 00C00F2F
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 00C00000
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 00C00073
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 00C0003D
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_open 76407E48 5 Bytes JMP 00C20000
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 00C20038
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!system 7643B16F 5 Bytes JMP 00C20027
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 00C20FD2
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 00C20FB7
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_wopen 76440570 5 Bytes JMP 00C20FE3
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 00CC0FEF
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 00CC0040
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 00CC006F
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 00CC0FC3
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 00CC0FDE
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 00CC0FA8
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 00CC0025
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 00CC0014
.text C:\Windows\system32\svchost.exe[1572] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 00CB0000
.text C:\Windows\system32\svchost.exe[1832] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 005C0000
.text C:\Windows\system32\svchost.exe[1832] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 005C0025
.text C:\Windows\system32\svchost.exe[1832] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 005C0FE5
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 005A00AC
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 005A00D1
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 005A0F46
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 005A0FB9
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 005A0F83
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 005A005B
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 005A0F94
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 005A0F2B
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 005A002F
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 005A0F72
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 005A0FD4
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 005A0FEF
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 005A004A
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 005A009B
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 005A000A
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 005A0F57
.text C:\Windows\system32\svchost.exe[1832] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 005A0076
.text C:\Windows\system32\svchost.exe[1832] msvcrt.dll!_open 76407E48 5 Bytes JMP 005D0FEF
.text C:\Windows\system32\svchost.exe[1832] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 005D0F92
.text C:\Windows\system32\svchost.exe[1832] msvcrt.dll!system 7643B16F 5 Bytes JMP 005D0FB7
.text C:\Windows\system32\svchost.exe[1832] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 005D000C
.text C:\Windows\system32\svchost.exe[1832] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 005D001D
.text C:\Windows\system32\svchost.exe[1832] msvcrt.dll!_wopen 76440570 5 Bytes JMP 005D0FDE
.text C:\Windows\system32\svchost.exe[1832] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 005B0000
.text C:\Windows\system32\svchost.exe[1832] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 005B0FA8
.text C:\Windows\system32\svchost.exe[1832] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 005B0F8D
.text C:\Windows\system32\svchost.exe[1832] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 005B0025
.text C:\Windows\system32\svchost.exe[1832] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 005B0FE5
.text C:\Windows\system32\svchost.exe[1832] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 005B0040
.text C:\Windows\system32\svchost.exe[1832] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 005B0FB9
.text C:\Windows\system32\svchost.exe[1832] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 005B0FD4
.text C:\Windows\system32\svchost.exe[1832] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 005E0000
.text C:\Windows\system32\svchost.exe[1976] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 003E0000
.text C:\Windows\system32\svchost.exe[1976] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 003E0FE5
.text C:\Windows\system32\svchost.exe[1976] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 003E0011
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 003C00A6
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 003C0F47
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 003C0F58
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 003C002C
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 003C0084
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 003C0058
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 003C0073
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 003C00F7
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 003C0FCA
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 003C00B7
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 003C0011
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 003C0000
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 003C0047
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 003C0F87
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 003C0FDB
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 003C00C8
.text C:\Windows\system32\svchost.exe[1976] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 003C0095
.text C:\Windows\system32\svchost.exe[1976] msvcrt.dll!_open 76407E48 5 Bytes JMP 003F0FEF
.text C:\Windows\system32\svchost.exe[1976] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 003F003B
.text C:\Windows\system32\svchost.exe[1976] msvcrt.dll!system 7643B16F 5 Bytes JMP 003F0020
.text C:\Windows\system32\svchost.exe[1976] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 003F0FC1
.text C:\Windows\system32\svchost.exe[1976] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 003F0FB0
.text C:\Windows\system32\svchost.exe[1976] msvcrt.dll!_wopen 76440570 5 Bytes JMP 003F0FDE
.text C:\Windows\system32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 003D0000
.text C:\Windows\system32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 003D001B
.text C:\Windows\system32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 003D0F9E
.text C:\Windows\system32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 003D0040
.text C:\Windows\system32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 003D0FE5
.text C:\Windows\system32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 003D0F8D
.text C:\Windows\system32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 003D0FAF
.text C:\Windows\system32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 003D0FD4
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 001F0FB9
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 001F0FD4
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 0019009B
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 00190F46
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 001900DB
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 00190FA8
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 0019006F
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 00190F8D
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 00190054
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 00190F35
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00190014
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 001900B6
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00190FD4
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 00190FE5
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00190025
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!CreatePipe 778D12A6 3 Bytes JMP 00190080
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!CreatePipe + 4 778D12AA 1 Byte [88]
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 00190FB9
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 00190F57
.text C:\Windows\system32\svchost.exe[2008] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 00190F72
.text C:\Windows\system32\svchost.exe[2008] msvcrt.dll!_open 76407E48 5 Bytes JMP 00240000
.text C:\Windows\system32\svchost.exe[2008] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 00240051
.text C:\Windows\system32\svchost.exe[2008] msvcrt.dll!system 7643B16F 5 Bytes JMP 00240036
.text C:\Windows\system32\svchost.exe[2008] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 00240011
.text C:\Windows\system32\svchost.exe[2008] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 00240FBC
.text C:\Windows\system32\svchost.exe[2008] msvcrt.dll!_wopen 76440570 5 Bytes JMP 00240FE3
.text C:\Windows\system32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 001A0000
.text C:\Windows\system32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 001A0025
.text C:\Windows\system32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 001A0F94
.text C:\Windows\system32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 001A0040
.text C:\Windows\system32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 001A0F83
.text C:\Windows\system32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 001A0FB9
.text C:\Windows\system32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 001A0FD4
.text C:\Windows\system32\svchost.exe[2420] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[2420] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 001D002C
.text C:\Windows\system32\svchost.exe[2420] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 001D0011
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 001B0F46
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 001B00C0
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 001B00A5
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 001B001B
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 001B0F79
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 001B0FA5
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 001B0F8A
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 001B00DB
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 001B0036
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 001B0F35
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 001B000A
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 001B0FE5
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 001B0047
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 001B0F57
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!CreateNamedPipeA 778FDBA8 3 Bytes JMP 001B0FD4
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!CreateNamedPipeA + 4 778FDBAC 1 Byte [88]
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!WinExec 778FEDB2 3 Bytes JMP 001B0094
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!WinExec + 4 778FEDB6 1 Byte [88]
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!VirtualProtectEx 778FFD51 3 Bytes JMP 001B0F68
.text C:\Windows\system32\svchost.exe[2420] kernel32.dll!VirtualProtectEx + 4 778FFD55 1 Byte [88]
.text C:\Windows\system32\svchost.exe[2420] msvcrt.dll!_open 76407E48 5 Bytes JMP 003F000C
.text C:\Windows\system32\svchost.exe[2420] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 003F0070
.text C:\Windows\system32\svchost.exe[2420] msvcrt.dll!system 7643B16F 5 Bytes JMP 003F005F
.text C:\Windows\system32\svchost.exe[2420] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 003F0FEF
.text C:\Windows\system32\svchost.exe[2420] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 003F0044
.text C:\Windows\system32\svchost.exe[2420] msvcrt.dll!_wopen 76440570 5 Bytes JMP 003F0029
.text C:\Windows\system32\svchost.exe[2420] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[2420] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 001C0FC3
.text C:\Windows\system32\svchost.exe[2420] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 001C0065
.text C:\Windows\system32\svchost.exe[2420] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 001C004A
.text C:\Windows\system32\svchost.exe[2420] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 001C0FDE
.text C:\Windows\system32\svchost.exe[2420] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 001C0076
.text C:\Windows\system32\svchost.exe[2420] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 001C002F
.text C:\Windows\system32\svchost.exe[2420] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 001C001E
.text C:\Windows\system32\svchost.exe[2444] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 002D0FEF
.text C:\Windows\system32\svchost.exe[2444] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 002D0014
.text C:\Windows\system32\svchost.exe[2444] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 002D0FDE
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 002B0087
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 002B00D8
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 002B00BD
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 002B0025
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 002B0F83
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 002B0FA5
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 002B0F94
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 002B00E9
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 002B0036
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 002B0F43
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 002B000A
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 002B0FEF
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 002B0047
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 002B0076
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 002B0FD4
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 002B00A2
.text C:\Windows\system32\svchost.exe[2444] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 002B0F68
.text C:\Windows\system32\svchost.exe[2444] msvcrt.dll!_open 76407E48 5 Bytes JMP 004F0000
.text C:\Windows\system32\svchost.exe[2444] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 004F0036
.text C:\Windows\system32\svchost.exe[2444] msvcrt.dll!system 7643B16F 5 Bytes JMP 004F0FAB
.text C:\Windows\system32\svchost.exe[2444] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 004F0FD7
.text C:\Windows\system32\svchost.exe[2444] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 004F0FC6
.text C:\Windows\system32\svchost.exe[2444] msvcrt.dll!_wopen 76440570 5 Bytes JMP 004F0011
.text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 002C0000
.text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 002C0036
.text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 002C0062
.text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 002C0047
.text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 002C0FEF
.text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 002C0FA5
.text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 002C0025
.text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 002C0FDE
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[3160] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 6F3899A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[3160] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 6F389A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\System32\svchost.exe[3536] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 00040000
.text C:\Windows\System32\svchost.exe[3536] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 00040FDB
.text C:\Windows\System32\svchost.exe[3536] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 00040011
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 00010F57
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 00010F10
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 00010F2B
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 0001002F
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 00010F83
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 00010065
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 00010F9E
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 000100C0
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00010040
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 00010F3C
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00010FE5
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 0001000A
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00010FC3
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 00010F68
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 00010FD4
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 0001009B
.text C:\Windows\System32\svchost.exe[3536] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 00010076
.text C:\Windows\System32\svchost.exe[3536] msvcrt.dll!_open 76407E48 5 Bytes JMP 000F0FEF
.text C:\Windows\System32\svchost.exe[3536] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 000F0058
.text C:\Windows\System32\svchost.exe[3536] msvcrt.dll!system 7643B16F 5 Bytes JMP 000F003D
.text C:\Windows\System32\svchost.exe[3536] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 000F0011
.text C:\Windows\System32\svchost.exe[3536] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 000F002C
.text C:\Windows\System32\svchost.exe[3536] msvcrt.dll!_wopen 76440570 5 Bytes JMP 000F0000
.text C:\Windows\System32\svchost.exe[3536] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 0010000A
.text C:\Windows\System32\svchost.exe[3536] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 00100040
.text C:\Windows\System32\svchost.exe[3536] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 00100051
.text C:\Windows\System32\svchost.exe[3536] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 00100FB9
.text C:\Windows\System32\svchost.exe[3536] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 00100FE5
.text C:\Windows\System32\svchost.exe[3536] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 00100062
.text C:\Windows\System32\svchost.exe[3536] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 00100FD4
.text C:\Windows\System32\svchost.exe[3536] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 00100025
.text C:\Windows\System32\svchost.exe[3536] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 00200FEF
.text C:\Windows\System32\svchost.exe[3536] WININET.dll!InternetOpenA 76214E3C 5 Bytes JMP 00220FEF
.text C:\Windows\System32\svchost.exe[3536] WININET.dll!InternetOpenUrlA 7621BFDE 5 Bytes JMP 00220FD4
.text C:\Windows\System32\svchost.exe[3536] WININET.dll!InternetOpenW 7624C126 5 Bytes JMP 0022000A
.text C:\Windows\System32\svchost.exe[3536] WININET.dll!InternetOpenUrlW 7627D8D2 5 Bytes JMP 0022002F
.text C:\Windows\system32\svchost.exe[3732] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[3732] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 0004002C
.text C:\Windows\system32\svchost.exe[3732] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 0004001B
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 000100B0
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 000100E3
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 000100D2
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 00010025
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 00010084
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 00010062
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 00010073
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 000100F4
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 00010040
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 000100C1
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00010051
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 00010F87
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 00010F58
.text C:\Windows\system32\svchost.exe[3732] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 00010095
.text C:\Windows\system32\svchost.exe[3732] msvcrt.dll!_open 76407E48 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\svchost.exe[3732] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 000F0044
.text C:\Windows\system32\svchost.exe[3732] msvcrt.dll!system 7643B16F 5 Bytes JMP 000F0FB9
.text C:\Windows\system32\svchost.exe[3732] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 000F0029
.text C:\Windows\system32\svchost.exe[3732] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 000F0FD4
.text C:\Windows\system32\svchost.exe[3732] msvcrt.dll!_wopen 76440570 5 Bytes JMP 000F000C
.text C:\Windows\system32\svchost.exe[3732] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 00140000
.text C:\Windows\system32\svchost.exe[3732] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 00140047
.text C:\Windows\system32\svchost.exe[3732] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 00140FA5
.text C:\Windows\system32\svchost.exe[3732] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 00140FB6
.text C:\Windows\system32\svchost.exe[3732] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 0014001B
.text C:\Windows\system32\svchost.exe[3732] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 00140F8A
.text C:\Windows\system32\svchost.exe[3732] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 00140036
.text C:\Windows\system32\svchost.exe[3732] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 00140FE5
.text C:\Windows\system32\svchost.exe[3732] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 00180FEF
.text C:\Windows\System32\svchost.exe[4796] ntdll.dll!NtCreateFile 77D455C8 5 Bytes JMP 0004000A
.text C:\Windows\System32\svchost.exe[4796] ntdll.dll!NtCreateProcess 77D45698 5 Bytes JMP 00040FEF
.text C:\Windows\System32\svchost.exe[4796] ntdll.dll!NtProtectVirtualMemory 77D45F18 5 Bytes JMP 00040025
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!GetStartupInfoA 77871E10 5 Bytes JMP 00010098
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!CreateProcessW 7787204D 5 Bytes JMP 000100D5
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!CreateProcessA 77872082 5 Bytes JMP 00010F4A
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!CreateNamedPipeW 778A2D47 5 Bytes JMP 0001001B
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!VirtualProtect 778B2BCD 5 Bytes JMP 00010F80
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!LoadLibraryExA 778B4466 5 Bytes JMP 00010058
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!LoadLibraryExW 778B5079 5 Bytes JMP 00010F9B
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!GetProcAddress 778BCC94 5 Bytes JMP 000100F0
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!LoadLibraryA 778BDC65 5 Bytes JMP 0001002C
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!GetStartupInfoW 778BE2DD 5 Bytes JMP 000100B3
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!CreateFileW 778BE8A5 5 Bytes JMP 00010FCA
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!CreateFileA 778BEA61 5 Bytes JMP 00010FEF
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!LoadLibraryW 778BEF42 5 Bytes JMP 00010047
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!CreatePipe 778D12A6 5 Bytes JMP 0001007D
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!CreateNamedPipeA 778FDBA8 5 Bytes JMP 00010000
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!WinExec 778FEDB2 5 Bytes JMP 000100C4
.text C:\Windows\System32\svchost.exe[4796] kernel32.dll!VirtualProtectEx 778FFD51 5 Bytes JMP 00010F6F
.text C:\Windows\System32\svchost.exe[4796] msvcrt.dll!_open 76407E48 5 Bytes JMP 000F0000
.text C:\Windows\System32\svchost.exe[4796] msvcrt.dll!_wsystem 7643B04F 5 Bytes JMP 000F0FB2
.text C:\Windows\System32\svchost.exe[4796] msvcrt.dll!system 7643B16F 5 Bytes JMP 000F0FCD
.text C:\Windows\System32\svchost.exe[4796] msvcrt.dll!_creat 7643ED29 5 Bytes JMP 000F0022
.text C:\Windows\System32\svchost.exe[4796] msvcrt.dll!_wcreat 7644038E 5 Bytes JMP 000F003D
.text C:\Windows\System32\svchost.exe[4796] msvcrt.dll!_wopen 76440570 5 Bytes JMP 000F0011
.text C:\Windows\System32\svchost.exe[4796] WS2_32.dll!socket 775F3EB8 5 Bytes JMP 0010000A
.text C:\Windows\System32\svchost.exe[4796] ADVAPI32.dll!RegOpenKeyA 77C3CC15 5 Bytes JMP 00180000
.text C:\Windows\System32\svchost.exe[4796] ADVAPI32.dll!RegCreateKeyA 77C3CD01 5 Bytes JMP 00180FD4
.text C:\Windows\System32\svchost.exe[4796] ADVAPI32.dll!RegCreateKeyExA 77C41469 5 Bytes JMP 00180FB9
.text C:\Windows\System32\svchost.exe[4796] ADVAPI32.dll!RegCreateKeyW 77C41514 5 Bytes JMP 0018005B
.text C:\Windows\System32\svchost.exe[4796] ADVAPI32.dll!RegOpenKeyW 77C42459 5 Bytes JMP 00180025
.text C:\Windows\System32\svchost.exe[4796] ADVAPI32.dll!RegCreateKeyExW 77C440FE 5 Bytes JMP 00180080
.text C:\Windows\System32\svchost.exe[4796] ADVAPI32.dll!RegOpenKeyExW 77C4468D 5 Bytes JMP 00180FE5
.text C:\Windows\System32\svchost.exe[4796] ADVAPI32.dll!RegOpenKeyExA 77C44907 5 Bytes JMP 00180040

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\mfevtps.exe[292] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00E3A510] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtClose] [716B0979] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!CreateProcessW] [716AEB24] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [716AEB66] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtFlushBuffersFile] [716AEA9E] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] [716B09DF] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [716AEBEB] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtEnumerateValueKey] [716B08AE] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateKey] [716B091A] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtSetValueKey] [716B08F6] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtOpenKey] [716B0941] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryValueKey] [716B08D2] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [716B0979] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtSetInformationFile] [716AEC2A] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryInformationFile] [716AEC4B] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtOpenFile] [716AEB94] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [716AEBB8] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtQueryKey] [716AEB78] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtOpenKeyEx] [716B095B] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeleteKey] [716B09CD] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\USER32.dll [ntdll.dll!NtCreateKey] [716B091A] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\USER32.dll [ntdll.dll!NtSetValueKey] [716B08F6] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] [716B09DF] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\USER32.dll [ntdll.dll!NtOpenKey] [716B0941] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\USER32.dll [ntdll.dll!NtClose] [716B0979] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\USER32.dll [ntdll.dll!NtQueryValueKey] [716B08D2] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [716AEB24] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [716AEB66] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\GDI32.dll [ntdll.dll!NtQueryInformationFile] [716AEC4B] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\GDI32.dll [ntdll.dll!NtOpenKey] [716B0941] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\GDI32.dll [ntdll.dll!NtQueryValueKey] [716B08D2] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\GDI32.dll [ntdll.dll!NtClose] [716B0979] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\GDI32.dll [ntdll.dll!NtOpenFile] [716AEB94] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [716AEB54] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [716AEB66] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!NtClose] [716B0979] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!NtWriteFile] [716AEBEB] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!NtQueryValueKey] [716B08D2] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!NtOpenKey] [716B0941] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!NtSetInformationFile] [716AEC2A] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtOpenKey] [716B0941] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtQueryValueKey] [716B08D2] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtClose] [716B0979] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtQueryKey] [716AEB78] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtOpenFile] [716AEB94] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] [716B091A] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] [716B08F6] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtDeleteKey] [716B09CD] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtQueryInformationFile] [716AEC4B] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] [716AEBB8] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtOpenKeyEx] [716B095B] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtWriteFile] [716AEBEB] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [716AEB54] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [716AEB66] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ole32.dll [ntdll.dll!NtSetInformationFile] [716AEC2A] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ole32.dll [ntdll.dll!NtQueryKey] [716AEB78] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ole32.dll [ntdll.dll!NtOpenKey] [716B0941] C:\Windows\system32\protector.dll
IAT C:\Windows\system32\winlogon.exe[952] @ C:\Windows\system32\ole32.dll [ntdll.dll!ZwClose] [716B0979] C:\Windows\system32\protector.dll

#6 MsMariee

Posted 08 January 2012 - 09:17 PM

Question: About how long is the GMER supposed to be?
It seems as though my log is rather long.

#7 Broni

Posted 08 January 2012 - 09:18 PM

Upload the file(s) here: http://www.filedropper.com/
Post download link (copy URL: link):

#8 MsMariee

Posted 08 January 2012 - 09:30 PM

http://www.filedropper.com/gmer_3

#9 Broni

Posted 08 January 2012 - 09:49 PM

I don't see much so far...

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


#10 MsMariee

Posted 09 January 2012 - 03:44 AM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-09 00:28:04
-----------------------------
00:28:04.701 OS Version: Windows 6.1.7601 Service Pack 1
00:28:04.702 Number of processors: 2 586 0x301
00:28:04.706 ComputerName: PRETTY-N-PINK UserName: Dyisha
00:28:27.534 Initialize success
00:33:30.463 AVAST engine defs: 12010801
00:38:47.826 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
00:38:47.829 Disk 0 Vendor: ST9320320AS HP07 Size: 305245MB BusType: 3
00:38:48.360 Disk 0 MBR read successfully
00:38:48.363 Disk 0 MBR scan
00:38:48.370 Disk 0 Windows 7 default MBR code
00:38:48.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294059 MB offset 2048
00:38:48.506 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11182 MB offset 602234880
00:38:48.838 Disk 0 scanning sectors +625135616
00:38:49.294 Disk 0 scanning C:\Windows\system32\drivers
00:43:19.588 Service scanning
00:43:23.713 Modules scanning
00:49:59.514 Disk 0 trace - called modules:
00:49:59.663 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys HSX_CNXT.sys
00:49:59.701 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8615eac8]
00:49:59.746 3 CLASSPNP.SYS[8aa0459e] -> nt!IofCallDriver -> [0x860ab900]
00:49:59.781 5 ACPI.sys[8a99f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x86091338]
00:50:04.905 AVAST engine scan C:\Windows
00:50:19.415 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
00:53:47.272 AVAST engine scan C:\Windows\system32
01:24:43.885 AVAST engine scan C:\Windows\system32\drivers
01:28:41.344 AVAST engine scan C:\Users\Dyisha
01:33:15.777 Disk 0 MBR has been saved successfully to "C:\Users\Dyisha\Desktop\MBR.dat"
01:33:15.824 The log file has been saved successfully to "C:\Users\Dyisha\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-09 01:35:59
-----------------------------
01:35:59.114 OS Version: Windows 6.1.7601 Service Pack 1
01:35:59.114 Number of processors: 2 586 0x301
01:35:59.114 ComputerName: PRETTY-N-PINK UserName: Dyisha
01:36:01.610 Initialize success
01:36:08.380 AVAST engine defs: 12010801
01:36:15.525 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
01:36:15.525 Disk 0 Vendor: ST9320320AS HP07 Size: 305245MB BusType: 3
01:36:16.211 Disk 0 MBR read successfully
01:36:16.227 Disk 0 MBR scan
01:36:16.227 Disk 0 Windows 7 default MBR code
01:36:16.383 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294059 MB offset 2048
01:36:16.570 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11182 MB offset 602234880
01:36:16.742 Disk 0 scanning sectors +625135616
01:36:18.130 Disk 0 scanning C:\Windows\system32\drivers
01:39:30.572 Service scanning
01:39:32.834 Modules scanning
01:45:57.873 Disk 0 trace - called modules:
01:45:57.982 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys nvlddmkm.sys dxgmms1.sys
01:45:57.998 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8615eac8]
01:45:58.013 3 CLASSPNP.SYS[8aa0459e] -> nt!IofCallDriver -> [0x860ab900]
01:45:58.013 5 ACPI.sys[8a99f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x86091338]
01:45:59.527 AVAST engine scan C:\Windows
01:46:20.836 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
01:50:28.315 AVAST engine scan C:\Windows\system32
02:27:42.578 AVAST engine scan C:\Windows\system32\drivers
02:34:27.226 AVAST engine scan C:\Users\Dyisha
03:43:42.052 Disk 0 MBR has been saved successfully to "C:\Users\Dyisha\Desktop\MBR.dat"
03:43:42.083 The log file has been saved successfully to "C:\Users\Dyisha\Desktop\aswMBR.txt"

#11 Broni

Posted 09 January 2012 - 10:28 AM

You'll need to go for more advanced checks.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


#12 Karla Sillen

Posted 25 July 2012 - 09:08 AM

It's not any infection, it's just a different browser. I am using GoOnSearch only, really nice work and speed too.

Edited by Karla Sillen, 25 July 2012 - 09:09 AM.


#13 Broni

Posted 25 July 2012 - 11:21 AM

Very well then :)
