Missing Desktop and Start Menu items



#1 mat58


Posted 05 January 2012 - 07:44 PM

I am helping a friend of mine with her computer. She has 2 user accounts, one of which no longer has desktop icons or start menu items. I am not sure if it is a virus infection or not, but I have prepared the logs for you to review. Thank you in advance for your help.

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Admin at 16:49:59 on 2012-01-05
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3060.1614 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\McAfee Online Backup\MOBKstat.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111219203804.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AllstateGateway32] %ProgramFiles (x86)%\allstate\go gateway install\gogatewaymove.exe
mRun: [AllstateGateway] %ProgramFiles%\allstate\go gateway install\gogatewaymove.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~2.lnk - c:\program files\mcafee online backup\MOBKstat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: accessallstate.com
Trusted Zone: aicpcu.org
Trusted Zone: allstate-lcec.lrn.com
Trusted Zone: allstate.com
Trusted Zone: allstate.com\agencygateway
Trusted Zone: allstate.com\agencygateway1
Trusted Zone: allstate.com\agencygateway2
Trusted Zone: allstate.com\allianceweb
Trusted Zone: allstate.com\webmail
Trusted Zone: allstateagencies.com
Trusted Zone: allstatehelp.com
Trusted Zone: allstateinsurance.skillwsa.com
Trusted Zone: bisyseducation.com
Trusted Zone: custhelp.com
Trusted Zone: elementk.com
Trusted Zone: gotoassist.com
Trusted Zone: insmark.com
Trusted Zone: insmark.us
Trusted Zone: insmarkstore.com
Trusted Zone: learn.net
Trusted Zone: nicta.org
Trusted Zone: sumtotalsystems.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} - hxxp://allstate.sumtotalsystems.com/sumtotal/core/common/ScheduleServices/ScheduleServices.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://allstate.webex.com/client/T26L10NSP49EP12/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{05016122-9A67-47C8-AE34-E860A98CB459} : DhcpNameServer = 204.130.255.3 209.63.0.6 192.168.1.1 204.130.255.3 209.63.0.6
TCP: Interfaces\{0D805077-449D-4557-9C4E-65E62C8EB5BF} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-5 464176]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-7-26 64880]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-7-26 165680]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-7 94880]
R2 McMPFSvc;McAfee Personal Firewall;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-26 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-26 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-26 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-26 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-26 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-26 150856]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-26 57600]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-3-24 212992]
R3 Linksys_adapter;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500vista.sys [2011-10-2 1073216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-5 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-5 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-26 338176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-19 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-19 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-26 87656]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-5 40552]
.
=============== Created Last 30 ================
.
2012-01-05 23:46:36 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{80bfb7ea-9a60-42ba-b127-5b0b28f6beec}\offreg.dll
2012-01-03 16:03:32 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{80bfb7ea-9a60-42ba-b127-5b0b28f6beec}\mpengine.dll
2011-12-22 00:16:21 -------- d-----w- c:\program files\ESET
2011-12-21 23:51:50 -------- d-----w- c:\program files\CCleaner
2011-12-21 23:31:32 -------- d-----w- c:\programdata\Malwarebytes
2011-12-21 23:31:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-21 23:30:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-21 06:07:00 9006072 ----a-w- c:\programdata\TempMOBK-update-4ec82966293498cc5bd9350557ef54e8.exe
2011-12-20 16:02:18 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2011-12-19 06:06:41 9014392 ----a-w- c:\programdata\TempMOBK-update-27ba6a9b9808bda40c3540a47bb1ff3c.exe
2011-12-16 06:05:47 9734240 ----a-w- c:\programdata\TempMOBK-update-6f587c3c1a49f2fdf5254a3e5ed05791.exe
2011-12-15 03:02:40 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 03:02:40 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 03:02:38 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 03:02:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 03:02:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 03:02:33 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 03:02:28 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 22:42:07 -------- d-----w- c:\program files\iPod
2011-12-14 22:42:05 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2011-11-30 16:16:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 12:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-15 20:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 20:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 20:16:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 20:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 20:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 20:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 20:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 20:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 20:16:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 20:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 16:52:30.21 ===============

Every time I tried to attach files, I received a message that the file was too big to upload. I apologize in advance, but I am including the contents here:

ARK.TXT file


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-05 17:26:29
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600AAJS-75M0A0 rev.01.03E01
Running: blq6py3h.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pxddrpow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8A044498]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8A0444C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8A0444AE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8A044484]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8226E982 5 Bytes JMP 8A044488 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82434143 5 Bytes JMP 8A0444C6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8245389A 7 Bytes JMP 8A04449C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82453B5D 5 Bytes JMP 8A0444B2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? C:\Users\Admin\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 00140FD4
.text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 0014000A
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 000F0087
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 000F0F37
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 000F0F0B
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 000F0F26
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 000F0F63
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 000F001B
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 000F0FC0
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 000F0F52
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 000F0F80
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 000F003D
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 000F0F9B
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 000F002C
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 000F0058
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 000F0EE6
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 000F0FE5
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 000F0000
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 000F0098
.text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 00190069
.text C:\Windows\system32\svchost.exe[988] msvcrt.dll!system 7605804B 5 Bytes JMP 0019004E
.text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 00190FEF
.text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_open 7605D106 5 Bytes JMP 00190000
.text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 00190FDE
.text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 00190029
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 001A0FB2
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 001A0039
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 001A0054
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 001A0065
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 001A0FCD
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 001A0FDE
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 001A001E
.text C:\Windows\system32\svchost.exe[988] WS2_32.dll!socket 76FF36D1 5 Bytes JMP 00700FE5
.text C:\Windows\System32\svchost.exe[1040] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 00620000
.text C:\Windows\System32\svchost.exe[1040] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 0062002C
.text C:\Windows\System32\svchost.exe[1040] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 00620011
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 00610F5A
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 006100A0
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 006100CC
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 00610F2B
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 00610F97
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 00610FD4
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 0061001B
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 00610F75
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 00610071
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 00610FA8
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 0061004A
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 00610FB9
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 00610F86
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 00610F1A
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateFileW 75D8B0EB 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 00610FEF
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 0061000A
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 006100B1
.text C:\Windows\System32\svchost.exe[1040] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 00C60FAD
.text C:\Windows\System32\svchost.exe[1040] msvcrt.dll!system 7605804B 5 Bytes JMP 00C60FC8
.text C:\Windows\System32\svchost.exe[1040] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 00C6001D
.text C:\Windows\System32\svchost.exe[1040] msvcrt.dll!_open 7605D106 5 Bytes JMP 00C60000
.text C:\Windows\System32\svchost.exe[1040] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 00C60038
.text C:\Windows\System32\svchost.exe[1040] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 00C60FE3
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 00C70F76
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 00C70FAC
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 00C70000
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 00C70F9B
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 00C70033
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 00C70011
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 00C70FE5
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 00C70022
.text C:\Windows\System32\svchost.exe[1040] WS2_32.dll!socket 76FF36D1 5 Bytes JMP 00DC0000
.text C:\Windows\System32\svchost.exe[1040] WININET.dll!InternetOpenA 773E4E3C 5 Bytes JMP 00DD0000
.text C:\Windows\System32\svchost.exe[1040] WININET.dll!InternetOpenUrlA 773EBFDE 5 Bytes JMP 00DD0FC0
.text C:\Windows\System32\svchost.exe[1040] WININET.dll!InternetOpenW 7741C126 5 Bytes JMP 00DD0FE5
.text C:\Windows\System32\svchost.exe[1040] WININET.dll!InternetOpenUrlW 7744D8D2 5 Bytes JMP 00DD001B
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 00340FE5
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 00340000
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 00340FCA
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 0033009B
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 00330F4B
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 003300B6
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 00330F1F
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 0033006F
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 00330FDE
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 00330FCD
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 00330F66
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 00330054
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 00330F97
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 00330043
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 00330FBC
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 00330080
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 00330EFA
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateFileW 75D8B0EB 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 00330FEF
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 00330000
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 00330F30
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 00D9001D
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!system 7605804B 5 Bytes JMP 00D90F92
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 00D90FD2
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_open 7605D106 5 Bytes JMP 00D90FEF
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 00D90FB7
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 00D9000C
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 00DE0062
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 00DE0040
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 00DE0000
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 00DE0051
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 00DE0FA5
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 00DE0FD4
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 00DE0FE5
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 00DE0025
.text C:\Windows\System32\svchost.exe[1112] WS2_32.dll!socket 76FF36D1 5 Bytes JMP 00DF0000
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 01680FEF
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 01680011
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 01680000
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 00E4008A
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 00E40F44
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 00E400C0
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 00E40F1F
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 00E4005B
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 00E40FE5
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 00E40FD4
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 00E40F55
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 00E40F8D
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 00E40FA8
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 00E4004A
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 00E40FC3
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 00E40F66
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 00E40F04
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 00E4001B
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 00E4000A
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 00E4009B
.text C:\Windows\System32\svchost.exe[1176] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 01690FB9
.text C:\Windows\System32\svchost.exe[1176] msvcrt.dll!system 7605804B 5 Bytes JMP 01690044
.text C:\Windows\System32\svchost.exe[1176] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 01690FEF
.text C:\Windows\System32\svchost.exe[1176] msvcrt.dll!_open 7605D106 5 Bytes JMP 0169000C
.text C:\Windows\System32\svchost.exe[1176] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 01690FD4
.text C:\Windows\System32\svchost.exe[1176] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 01690029
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 016E0047
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 016E0036
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 016E0000
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 016E0FAF
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 016E0058
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 016E0FD4
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 016E0FE5
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 016E0025
.text C:\Windows\System32\svchost.exe[1176] WS2_32.dll!socket 76FF36D1 5 Bytes JMP 01830FEF
.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 00E70FE5
.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 00E70FC0
.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 00E70000
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 00E400A2
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 00E40F66
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 00E400D1
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 00E40F30
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 00E40F92
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 00E40FCA
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 00E4001B
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 00E40F81
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 00E4006C
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 00E40FAF
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 00E40051
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 00E40040
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 00E40091
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 00E40F1F
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 00E40000
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 00E40FEF
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 00E40F41
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 00E8006E
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!system 7605804B 5 Bytes JMP 00E8005D
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 00E80027
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_open 7605D106 5 Bytes JMP 00E80000
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 00E80042
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 00E80FE3
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 00E60FC3
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 00E60051
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 00E60FEF
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 00E60FD4
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 00E60076
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 00E6001B
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 00E6000A
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 00E60040
.text C:\Windows\system32\svchost.exe[1212] WS2_32.dll!socket 76FF36D1 5 Bytes JMP 00EA0000
.text C:\Windows\system32\svchost.exe[1212] WININET.dll!InternetOpenA 773E4E3C 5 Bytes JMP 011D0FEF
.text C:\Windows\system32\svchost.exe[1212] WININET.dll!InternetOpenUrlA 773EBFDE 5 Bytes JMP 011D0FD4
.text C:\Windows\system32\svchost.exe[1212] WININET.dll!InternetOpenW 7741C126 5 Bytes JMP 011D0014
.text C:\Windows\system32\svchost.exe[1212] WININET.dll!InternetOpenUrlW 7744D8D2 5 Bytes JMP 011D0025
.text C:\Windows\system32\svchost.exe[1372] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 000D0FEF
.text C:\Windows\system32\svchost.exe[1372] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 000D002F
.text C:\Windows\system32\svchost.exe[1372] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 000D000A
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 000B0EFC
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 000B004C
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 000B007F
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 000B006E
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 000B0F4D
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 000B0014
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 000B0FC3
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 000B0F17
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 000B0F68
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 000B0025
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 000B0F83
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 000B0FA8
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 000B0F3C
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 000B0ECD
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 000B0FD4
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 000B0FE5
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 000B005D
.text C:\Windows\system32\svchost.exe[1372] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 000E0038
.text C:\Windows\system32\svchost.exe[1372] msvcrt.dll!system 7605804B 5 Bytes JMP 000E0027
.text C:\Windows\system32\svchost.exe[1372] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 000E0FC8
.text C:\Windows\system32\svchost.exe[1372] msvcrt.dll!_open 7605D106 5 Bytes JMP 000E0FEF
.text C:\Windows\system32\svchost.exe[1372] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 000E0FB7
.text C:\Windows\system32\svchost.exe[1372] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 000E000C
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 000C0062
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 000C0FC0
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 000C000A
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 000C0047
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 000C0073
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 000C002C
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 000C001B
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 000C0FDB
.text C:\Windows\system32\svchost.exe[1372] WS2_32.dll!socket 76FF36D1 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\svchost.exe[1404] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 00760FEF
.text C:\Windows\system32\svchost.exe[1404] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 00760FC3
.text C:\Windows\system32\svchost.exe[1404] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 00760FD4
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 00720F45
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 0072008B
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 00720F08
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 00720F23
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 00720F85
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 0072002C
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 00720FDB
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 00720F6A
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 00720FA0
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 00720058
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 00720069
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 00720047
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 0072007A
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 007200BA
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 0072001B
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 00720000
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 00720F34
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 00730025
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!system 7605804B 5 Bytes JMP 00730F9A
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 00730FAB
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_open 7605D106 5 Bytes JMP 00730FEF
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 00730000
.text C:\Windows\system32\svchost.exe[1404] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 00730FD2
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 00740F61
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 00740F8D
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 00740FE5
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 00740F7C
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 00740F46
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 00740FB9
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 00740FD4
.text C:\Windows\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 00740F9E
.text C:\Windows\system32\svchost.exe[1404] WS2_32.dll!socket 76FF36D1 5 Bytes JMP 00750000
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 009D000A
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 009D0025
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 009D0FEF
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 0036005E
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 00360F18
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 00360EDB
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 00360EEC
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 00360039
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 00360FC3
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 00360FA8
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 00360F29
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 00360F5F
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 00360F97
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 00360F86
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 00360014
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 00360F44
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 00360097
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 00360FD4
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 00360FEF
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 00360F07
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 009F004E
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!system 7605804B 5 Bytes JMP 009F0033
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 009F0018
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_open 7605D106 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 009F0FC3
.text C:\Windows\system32\svchost.exe[1468] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 009F0FDE
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 008D0F8A
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 008D002C
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 008D0FE5
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 008D0FA5
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 008D0F79
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 008D0FCA
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 008D0000
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 008D0011
.text C:\Windows\system32\svchost.exe[1468] WS2_32.dll!socket 76FF36D1 5 Bytes JMP 00A00000
.text C:\Windows\system32\svchost.exe[1468] WININET.dll!InternetOpenA 773E4E3C 5 Bytes JMP 00DA0FE5
.text C:\Windows\system32\svchost.exe[1468] WININET.dll!InternetOpenUrlA 773EBFDE 5 Bytes JMP 00DA000A
.text C:\Windows\system32\svchost.exe[1468] WININET.dll!InternetOpenW 7741C126 5 Bytes JMP 00DA0FCA
.text C:\Windows\system32\svchost.exe[1468] WININET.dll!InternetOpenUrlW 7744D8D2 5 Bytes JMP 00DA0025
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 0004000A
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[1496] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 0004001B
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 0001008E
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 00010073
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 000100B0
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 0001009F
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 00010062
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 0001001B
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 00010FC0
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 00010F48
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 00010051
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 00010FA5
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 00010F94
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 0001002C
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 00010F63
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 00010EFE
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 0001000A
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[1496] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 00010F23
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 00060FBC
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!system 7605804B 5 Bytes JMP 00060047
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 00060022
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_open 7605D106 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 00060FCD
.text C:\Windows\system32\svchost.exe[1496] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 00060011
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 00070040
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 00070FB9
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 00070FE5
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 00070FA8
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 00070F8D
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 00070FCA
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 00070025
.text C:\Windows\system32\svchost.exe[1496] WS2_32.dll!socket 76FF36D1 5 Bytes JMP 000D0FE5
.text C:\Windows\system32\svchost.exe[1604] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 008B0000
.text C:\Windows\system32\svchost.exe[1604] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 008B0FDE
.text C:\Windows\system32\svchost.exe[1604] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 00890F92
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 008900D8
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 00890F77
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 00890104
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 008900A2
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 00890025
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 00890FDE
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 008900BD
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 00890091
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 00890065
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 00890076
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 0089004A
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 00890FAD
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 00890F5C
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateFileW 75D8B0EB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 00890FEF
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 00890000
.text C:\Windows\system32\svchost.exe[1604] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 008900F3
.text C:\Windows\system32\svchost.exe[1604] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 00900049
.text C:\Windows\system32\svchost.exe[1604] msvcrt.dll!system 7605804B 5 Bytes JMP 00900FBE
.text C:\Windows\system32\svchost.exe[1604] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 0090001D
.text C:\Windows\system32\svchost.exe[1604] msvcrt.dll!_open 7605D106 5 Bytes JMP 00900000
.text C:\Windows\system32\svchost.exe[1604] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 00900038
.text C:\Windows\system32\svchost.exe[1604] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 00900FE3
.text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 008A0F9E
.text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 008A0FAF
.text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 008A0FE5
.text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 008A0036
.text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 008A0065
.text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 008A001B
.text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 008A0000
.text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 008A0FCA
.text C:\Windows\system32\svchost.exe[1604] WS2_32.dll!socket 76FF36D1 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[1872] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 006A0000
.text C:\Windows\system32\svchost.exe[1872] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 006A0FDB
.text C:\Windows\system32\svchost.exe[1872] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 006A001B
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 001F007D
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 001F0F37
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 001F00B3
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 001F0098
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 001F0F7E
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 001F0014
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 001F002F
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 001F0F48
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 001F0062
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 001F0040
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 001F0051
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 001F0FB9
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 001F0F63
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 001F0F01
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 001F0FDE
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\svchost.exe[1872] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 001F0F1C
.text C:\Windows\system32\svchost.exe[1872] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 00200FC8
.text C:\Windows\system32\svchost.exe[1872] msvcrt.dll!system 7605804B 5 Bytes JMP 00200053
.text C:\Windows\system32\svchost.exe[1872] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 00200038
.text C:\Windows\system32\svchost.exe[1872] msvcrt.dll!_open 7605D106 5 Bytes JMP 00200000
.text C:\Windows\system32\svchost.exe[1872] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 00200FE3
.text C:\Windows\system32\svchost.exe[1872] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 0020001D
.text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyExA 760E39AB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 00690FAF
.text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 00690040
.text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 00690FE5
.text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 0069005B
.text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 00690F9E
.text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 0069000A
.text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 00690FD4
.text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 0069001B
.text C:\Windows\system32\svchost.exe[1872] WS2_32.dll!socket 76FF36D1 5 Bytes JMP 006C000A
.text C:\Windows\system32\svchost.exe[2232] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 00940000
.text C:\Windows\system32\svchost.exe[2232] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 00940FD4
.text C:\Windows\system32\svchost.exe[2232] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 00940FE5
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 007A0F5F
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 007A009B
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 007A00E5
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 007A0F44
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 007A0F8B
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 007A0025
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 007A0040
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 007A008A
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 007A0065
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 007A0FC3
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 007A0FB2
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 007A0FD4
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 007A0F7A
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 007A00F6
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 007A0014
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 007A0FEF
.text C:\Windows\system32\svchost.exe[2232] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 007A00C0
.text C:\Windows\system32\svchost.exe[2232] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 007B005A
.text C:\Windows\system32\svchost.exe[2232] msvcrt.dll!system 7605804B 5 Bytes JMP 007B003F
.text C:\Windows\system32\svchost.exe[2232] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 007B001D
.text C:\Windows\system32\svchost.exe[2232] msvcrt.dll!_open 7605D106 5 Bytes JMP 007B0000
.text C:\Windows\system32\svchost.exe[2232] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 007B002E
.text C:\Windows\system32\svchost.exe[2232] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 007B0FE3
.text C:\Windows\system32\svchost.exe[2232] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 007C0F9E
.text C:\Windows\system32\svchost.exe[2232] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 007C002F
.text C:\Windows\system32\svchost.exe[2232] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 007C0FE5
.text C:\Windows\system32\svchost.exe[2232] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 007C0040
.text C:\Windows\system32\svchost.exe[2232] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 007C005B
.text C:\Windows\system32\svchost.exe[2232] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 007C0014
.text C:\Windows\system32\svchost.exe[2232] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 007C0FD4
.text C:\Windows\system32\svchost.exe[2232] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 007C0FC3
.text C:\Windows\system32\svchost.exe[2232] WS2_32.dll!socket 76FF36D1 5 Bytes JMP 00930FE5
.text C:\Windows\System32\svchost.exe[2244] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 00080FEF
.text C:\Windows\System32\svchost.exe[2244] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 00080FC3
.text C:\Windows\System32\svchost.exe[2244] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 00080FDE
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 00010F26
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 00010076
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 00010F01
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 000100A2
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 00010054
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 00010FC3
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 00010FB2
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 00010F4B
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 00010F70
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 00010F97
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 00010039
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 0001001E
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 00010065
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 00010EF0
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 00010FD4
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 00010FEF
.text C:\Windows\System32\svchost.exe[2244] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 00010091
.text C:\Windows\System32\svchost.exe[2244] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 000A0F90
.text C:\Windows\System32\svchost.exe[2244] msvcrt.dll!system 7605804B 5 Bytes JMP 000A0FAB
.text C:\Windows\System32\svchost.exe[2244] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 000A000A
.text C:\Windows\System32\svchost.exe[2244] msvcrt.dll!_open 7605D106 5 Bytes JMP 000A0FEF
.text C:\Windows\System32\svchost.exe[2244] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 000A001B
.text C:\Windows\System32\svchost.exe[2244] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 000A0FC6
.text C:\Windows\System32\svchost.exe[2244] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 000B004A
.text C:\Windows\System32\svchost.exe[2244] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 000B0FC3
.text C:\Windows\System32\svchost.exe[2244] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 000B0000
.text C:\Windows\System32\svchost.exe[2244] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 000B0FB2
.text C:\Windows\System32\svchost.exe[2244] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 000B0065
.text C:\Windows\System32\svchost.exe[2244] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 000B0FDE
.text C:\Windows\System32\svchost.exe[2244] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 000B0FEF
.text C:\Windows\System32\svchost.exe[2244] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 000B002F
.text C:\Windows\System32\svchost.exe[2336] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 0008000A
.text C:\Windows\System32\svchost.exe[2336] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 00080FDE
.text C:\Windows\System32\svchost.exe[2336] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 00080FEF
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 00050F29
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 0005006F
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 00050EE2
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 00050EF3
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 00050F5F
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 0005000A
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 00050025
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 00050F44
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 00050F7C
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 00050F9E
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 00050F8D
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 00050FB9
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 00050054
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 00050ED1
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 00050FD4
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[2336] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 00050F0E
.text C:\Windows\System32\svchost.exe[2336] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 00060F8B
.text C:\Windows\System32\svchost.exe[2336] msvcrt.dll!system 7605804B 5 Bytes JMP 00060FA6
.text C:\Windows\System32\svchost.exe[2336] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 00060FC1
.text C:\Windows\System32\svchost.exe[2336] msvcrt.dll!_open 7605D106 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[2336] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 00060016
.text C:\Windows\System32\svchost.exe[2336] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 00060FD2
.text C:\Windows\System32\svchost.exe[2336] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 00070051
.text C:\Windows\System32\svchost.exe[2336] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 00070FB9
.text C:\Windows\System32\svchost.exe[2336] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 00070FEF
.text C:\Windows\System32\svchost.exe[2336] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 00070040
.text C:\Windows\System32\svchost.exe[2336] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 00070F8A
.text C:\Windows\System32\svchost.exe[2336] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 00070FDE
.text C:\Windows\System32\svchost.exe[2336] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 0007000A
.text C:\Windows\System32\svchost.exe[2336] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 00070025
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2712] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 6FD09A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2712] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 6FD099A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[3864] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 00040000
.text C:\Windows\Explorer.EXE[3864] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 00040FDB
.text C:\Windows\Explorer.EXE[3864] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 00040011
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 00010F5E
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 00010F6F
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 000100EB
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 000100DA
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 0001006E
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 0001000A
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 00010FAF
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 0001009A
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 00010F94
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 00010036
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 00010047
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 0001001B
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 00010089
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 00010F2F
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 00010FD4
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 00010FE5
.text C:\Windows\Explorer.EXE[3864] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 000100C9
.text C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 00060F8D
.text C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 00060025
.text C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 00060000
.text C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 00060FA8
.text C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 0006004A
.text C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 00060FCA
.text C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 00060FE5
.text C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 00060FB9
.text C:\Windows\Explorer.EXE[3864] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 00070FAB
.text C:\Windows\Explorer.EXE[3864] msvcrt.dll!system 7605804B 5 Bytes JMP 00070FBC
.text C:\Windows\Explorer.EXE[3864] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 00070022
.text C:\Windows\Explorer.EXE[3864] msvcrt.dll!_open 7605D106 5 Bytes JMP 00070000
.text C:\Windows\Explorer.EXE[3864] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 00070FCD
.text C:\Windows\Explorer.EXE[3864] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 00070011
.text C:\Windows\Explorer.EXE[3864] WS2_32.dll!socket 76FF36D1 5 Bytes JMP 01800FEF
.text C:\Windows\Explorer.EXE[3864] WININET.dll!InternetOpenA 773E4E3C 5 Bytes JMP 02760000
.text C:\Windows\Explorer.EXE[3864] WININET.dll!InternetOpenUrlA 773EBFDE 5 Bytes JMP 02760036
.text C:\Windows\Explorer.EXE[3864] WININET.dll!InternetOpenW 7741C126 5 Bytes JMP 02760025
.text C:\Windows\Explorer.EXE[3864] WININET.dll!InternetOpenUrlW 7744D8D2 5 Bytes JMP 0276005B
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] ntdll.dll!NtCreateFile 772E4224 5 Bytes JMP 00040FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] ntdll.dll!NtCreateProcess 772E42E4 5 Bytes JMP 0004000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] ntdll.dll!NtProtectVirtualMemory 772E4B84 5 Bytes JMP 00040FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!GetStartupInfoW 75D41929 5 Bytes JMP 00010106
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!GetStartupInfoA 75D419C9 5 Bytes JMP 000100F5
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!CreateProcessW 75D41BF3 5 Bytes JMP 00010139
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!CreateProcessA 75D41C28 5 Bytes JMP 00010128
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!VirtualProtect 75D41DC3 5 Bytes JMP 000100AE
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!CreateNamedPipeA 75D42EF5 5 Bytes JMP 00010FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!CreateNamedPipeW 75D45C0C 5 Bytes JMP 0001004A
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!CreatePipe 75D68F06 5 Bytes JMP 000100DA
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!LoadLibraryExW 75D6927C 5 Bytes JMP 00010091
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!LoadLibraryW 75D69400 5 Bytes JMP 00010FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!LoadLibraryExA 75D69554 5 Bytes JMP 00010076
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!LoadLibraryA 75D6957C 5 Bytes JMP 0001005B
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!VirtualProtectEx 75D6DC52 5 Bytes JMP 000100BF
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!GetProcAddress 75D8925B 5 Bytes JMP 0001014A
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!CreateFileW 75D8B0EB 5 Bytes JMP 0001001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!CreateFileA 75D8D07F 5 Bytes JMP 0001000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!WinExec 75DD60CF 5 Bytes JMP 00010117
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] ADVAPI32.dll!RegCreateKeyExA 760E39AB 5 Bytes JMP 00050FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] ADVAPI32.dll!RegCreateKeyA 760E3BA9 5 Bytes JMP 00050FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] ADVAPI32.dll!RegOpenKeyA 760E89C7 5 Bytes JMP 00050000
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] ADVAPI32.dll!RegCreateKeyW 760F391E 5 Bytes JMP 00050051
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] ADVAPI32.dll!RegCreateKeyExW 760F41F1 5 Bytes JMP 00050FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] ADVAPI32.dll!RegOpenKeyExA 760F7C42 5 Bytes JMP 00050025
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] ADVAPI32.dll!RegOpenKeyW 760FE2B5 5 Bytes JMP 00050FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] ADVAPI32.dll!RegOpenKeyExW 76107BA1 5 Bytes JMP 00050040
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!EnableWindow 76D3CD8B 5 Bytes JMP 6C319A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!DialogBoxParamW 76D610B0 5 Bytes JMP 6C27170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!DialogBoxIndirectParamW 76D62EF5 5 Bytes JMP 6C4662BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!DialogBoxParamA 76D78152 5 Bytes JMP 6C466259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!DialogBoxIndirectParamA 76D7847D 5 Bytes JMP 6C466323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!MessageBoxIndirectA 76D8D4D9 5 Bytes JMP 6C4661E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!MessageBoxIndirectW 76D8D5D3 5 Bytes JMP 6C466167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!MessageBoxExA 76D8D639 5 Bytes JMP 6C466103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!MessageBoxExW 76D8D65D 5 Bytes JMP 6C46609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] msvcrt.dll!_wsystem 76057F2F 5 Bytes JMP 00060F81
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] msvcrt.dll!system 7605804B 5 Bytes JMP 00060F9C
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] msvcrt.dll!_creat 7605BBE1 5 Bytes JMP 00060FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] msvcrt.dll!_open 7605D106 5 Bytes JMP 00060FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] msvcrt.dll!_wcreat 7605D326 5 Bytes JMP 00060FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] msvcrt.dll!_wopen 7605D501 5 Bytes JMP 0006000C
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] WININET.dll!InternetOpenA 773E4E3C 5 Bytes JMP 0007000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] WININET.dll!InternetOpenUrlA 773EBFDE 5 Bytes JMP 0007002C
.text C:\Program Files\Internet Explorer\iexplore.exe[4696] WININET.dll!InternetOpenW 7741C126 5 Bytes JMP 0007001B

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

If you need the contents of the "attach.txt" file, please let me know and I will send it in my next post.



#2 HelpBot


Posted 11 January 2012 - 08:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/436488 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 12 January 2012 - 09:49 PM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!



